OpenVPN
socket.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "socket.h"
30#include "fdmisc.h"
31#include "misc.h"
32#include "gremlin.h"
33#include "plugin.h"
34#include "ps.h"
35#include "run_command.h"
36#include "manage.h"
37#include "misc.h"
38#include "manage.h"
39#include "openvpn.h"
40#include "forward.h"
41
42#include "memdbg.h"
43
44bool
45sockets_read_residual(const struct context *c)
46{
47 int i;
48
49 for (i = 0; i < c->c1.link_sockets_num; i++)
50 {
51 if (c->c2.link_sockets[i]->stream_buf.residual_fully_formed)
52 {
53 return true;
54 }
55 }
56 return false;
57}
58
59/*
60 * Convert sockflags/getaddr_flags into getaddr_flags
61 */
62static unsigned int
63sf2gaf(const unsigned int getaddr_flags, const unsigned int sockflags)
64{
65 if (sockflags & SF_HOST_RANDOMIZE)
66 {
67 return getaddr_flags | GETADDR_RANDOMIZE;
68 }
69 else
70 {
71 return getaddr_flags;
72 }
73}
74
75/*
76 * Functions related to the translation of DNS names to IP addresses.
77 */
78static int
79get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void *network,
80 unsigned int *netbits, int resolve_retry_seconds, struct signal_info *sig_info,
81 int msglevel)
82{
83 char *endp, *sep, *var_host = NULL;
84 struct addrinfo *ai = NULL;
85 unsigned long bits;
86 uint8_t max_bits;
87 int ret = -1;
88
89 if (!hostname)
90 {
91 msg(M_NONFATAL, "Can't resolve null hostname!");
92 goto out;
93 }
94
95 /* assign family specific default values */
96 switch (af)
97 {
98 case AF_INET:
99 bits = 0;
100 max_bits = sizeof(in_addr_t) * 8;
101 break;
102
103 case AF_INET6:
104 bits = 64;
105 max_bits = sizeof(struct in6_addr) * 8;
106 break;
107
108 default:
109 msg(M_WARN, "Unsupported AF family passed to getaddrinfo for %s (%d)", hostname, af);
110 goto out;
111 }
112
113 /* we need to modify the hostname received as input, but we don't want to
114 * touch it directly as it might be a constant string.
115 *
116 * Therefore, we clone the string here and free it at the end of the
117 * function */
118 var_host = strdup(hostname);
119 if (!var_host)
120 {
121 msg(M_NONFATAL | M_ERRNO, "Can't allocate hostname buffer for getaddrinfo");
122 goto out;
123 }
124
125 /* check if this hostname has a /bits suffix */
126 sep = strchr(var_host, '/');
127 if (sep)
128 {
129 bits = strtoul(sep + 1, &endp, 10);
130 if ((*endp != '\0') || (bits > max_bits))
131 {
132 msg(msglevel, "IP prefix '%s': invalid '/bits' spec (%s)", hostname, sep + 1);
133 goto out;
134 }
135 *sep = '\0';
136 }
137
138 ret = openvpn_getaddrinfo(flags & ~GETADDR_HOST_ORDER, var_host, NULL, resolve_retry_seconds,
139 sig_info, af, &ai);
140 if ((ret == 0) && network)
141 {
142 struct in6_addr *ip6;
143 in_addr_t *ip4;
144
145 switch (af)
146 {
147 case AF_INET:
148 ip4 = network;
149 *ip4 = ((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr;
150
151 if (flags & GETADDR_HOST_ORDER)
152 {
153 *ip4 = ntohl(*ip4);
154 }
155 break;
156
157 case AF_INET6:
158 ip6 = network;
159 *ip6 = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
160 break;
161
162 default:
163 /* can't get here because 'af' was previously checked */
164 msg(M_WARN, "Unsupported AF family for %s (%d)", var_host, af);
165 goto out;
166 }
167 }
168
169 if (netbits)
170 {
171 *netbits = bits;
172 }
173
174 /* restore '/' separator, if any */
175 if (sep)
176 {
177 *sep = '/';
178 }
179out:
180 freeaddrinfo(ai);
181 free(var_host);
182
183 return ret;
184}
185
186in_addr_t
187getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded,
188 struct signal_info *sig_info)
189{
190 in_addr_t addr;
191 int status;
192
193 status = get_addr_generic(AF_INET, flags, hostname, &addr, NULL, resolve_retry_seconds,
194 sig_info, M_WARN);
195 if (status == 0)
196 {
197 if (succeeded)
198 {
199 *succeeded = true;
200 }
201 return addr;
202 }
203 else
204 {
205 if (succeeded)
206 {
207 *succeeded = false;
208 }
209 return 0;
210 }
211}
212
213bool
214get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
215{
216 if (get_addr_generic(AF_INET6, GETADDR_RESOLVE, hostname, network, netbits, 0, NULL, msglevel)
217 < 0)
218 {
219 return false;
220 }
221
222 return true; /* parsing OK, values set */
223}
224
225static inline bool
226streqnull(const char *a, const char *b)
227{
228 if (a == NULL && b == NULL)
229 {
230 return true;
231 }
232 else if (a == NULL || b == NULL)
233 {
234 return false;
235 }
236 else
237 {
238 return streq(a, b);
239 }
240}
241
242/*
243 * get_cached_dns_entry return 0 on success and -1
244 * otherwise. (like getaddrinfo)
245 */
246static int
247get_cached_dns_entry(struct cached_dns_entry *dns_cache, const char *hostname, const char *servname,
248 int ai_family, int resolve_flags, struct addrinfo **ai)
249{
250 struct cached_dns_entry *ph;
251 int flags;
252
253 /* Only use flags that are relevant for the structure */
254 flags = resolve_flags & GETADDR_CACHE_MASK;
255
256 for (ph = dns_cache; ph; ph = ph->next)
257 {
258 if (streqnull(ph->hostname, hostname) && streqnull(ph->servname, servname)
259 && ph->ai_family == ai_family && ph->flags == flags)
260 {
261 *ai = ph->ai;
262 return 0;
263 }
264 }
265 return -1;
266}
267
268
269static int
270do_preresolve_host(struct context *c, const char *hostname, const char *servname, const int af,
271 const int flags)
272{
273 struct addrinfo *ai;
274 int status;
275
276 if (get_cached_dns_entry(c->c1.dns_cache, hostname, servname, af, flags, &ai) == 0)
277 {
278 /* entry already cached, return success */
279 return 0;
280 }
281
282 status = openvpn_getaddrinfo(flags, hostname, servname, c->options.resolve_retry_seconds, NULL,
283 af, &ai);
284 if (status == 0)
285 {
286 struct cached_dns_entry *ph;
287
288 ALLOC_OBJ_CLEAR_GC(ph, struct cached_dns_entry, &c->gc);
289 ph->ai = ai;
290 ph->hostname = hostname;
291 ph->servname = servname;
292 ph->flags = flags & GETADDR_CACHE_MASK;
293
294 if (!c->c1.dns_cache)
295 {
296 c->c1.dns_cache = ph;
297 }
298 else
299 {
300 struct cached_dns_entry *prev = c->c1.dns_cache;
301 while (prev->next)
302 {
303 prev = prev->next;
304 }
305 prev->next = ph;
306 }
307
308 gc_addspecial(ai, &gc_freeaddrinfo_callback, &c->gc);
309 }
310 return status;
311}
312
313void
314do_preresolve(struct context *c)
315{
316 struct connection_list *l = c->options.connection_list;
317 const unsigned int preresolve_flags = GETADDR_RESOLVE | GETADDR_UPDATE_MANAGEMENT_STATE
318 | GETADDR_MENTION_RESOLVE_RETRY | GETADDR_FATAL;
319
320
321 for (int i = 0; i < l->len; ++i)
322 {
323 int status;
324 const char *remote;
325 int flags = preresolve_flags;
326
327 struct connection_entry *ce = l->array[i];
328
329 if (proto_is_dgram(ce->proto))
330 {
331 flags |= GETADDR_DATAGRAM;
332 }
333
334 if (c->options.sockflags & SF_HOST_RANDOMIZE)
335 {
336 flags |= GETADDR_RANDOMIZE;
337 }
338
339 if (c->options.ip_remote_hint)
340 {
341 remote = c->options.ip_remote_hint;
342 }
343 else
344 {
345 remote = ce->remote;
346 }
347
348 /* HTTP remote hostname does not need to be resolved */
349 if (!ce->http_proxy_options)
350 {
351 status = do_preresolve_host(c, remote, ce->remote_port, ce->af, flags);
352 if (status != 0)
353 {
354 goto err;
355 }
356 }
357
358 /* Preresolve proxy */
359 if (ce->http_proxy_options)
360 {
361 status = do_preresolve_host(c, ce->http_proxy_options->server,
362 ce->http_proxy_options->port, ce->af, preresolve_flags);
363
364 if (status != 0)
365 {
366 goto err;
367 }
368 }
369
370 if (ce->socks_proxy_server)
371 {
372 status =
373 do_preresolve_host(c, ce->socks_proxy_server, ce->socks_proxy_port, ce->af, flags);
374 if (status != 0)
375 {
376 goto err;
377 }
378 }
379
380 if (ce->bind_local)
381 {
382 flags |= GETADDR_PASSIVE;
383 flags &= ~GETADDR_RANDOMIZE;
384
385 for (int j = 0; j < ce->local_list->len; j++)
386 {
387 struct local_entry *le = ce->local_list->array[j];
388
389 if (!le->local)
390 {
391 continue;
392 }
393
394 status = do_preresolve_host(c, le->local, le->port, ce->af, flags);
395 if (status != 0)
396 {
397 goto err;
398 }
399 }
400 }
401 }
402 return;
403
404err:
405 throw_signal_soft(SIGHUP, "Preresolving failed");
406}
407
408static int
409socket_get_sndbuf(socket_descriptor_t sd)
410{
411#if defined(SOL_SOCKET) && defined(SO_SNDBUF)
412 int val;
413 socklen_t len;
414
415 len = sizeof(val);
416 if (getsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *)&val, &len) == 0 && len == sizeof(val))
417 {
418 return val;
419 }
420#endif
421 return 0;
422}
423
424static void
425socket_set_sndbuf(socket_descriptor_t sd, int size)
426{
427#if defined(SOL_SOCKET) && defined(SO_SNDBUF)
428 if (setsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *)&size, sizeof(size)) != 0)
429 {
430 msg(M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
431 }
432#endif
433}
434
435static int
436socket_get_rcvbuf(socket_descriptor_t sd)
437{
438#if defined(SOL_SOCKET) && defined(SO_RCVBUF)
439 int val;
440 socklen_t len;
441
442 len = sizeof(val);
443 if (getsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *)&val, &len) == 0 && len == sizeof(val))
444 {
445 return val;
446 }
447#endif
448 return 0;
449}
450
451static bool
452socket_set_rcvbuf(socket_descriptor_t sd, int size)
453{
454#if defined(SOL_SOCKET) && defined(SO_RCVBUF)
455 if (setsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *)&size, sizeof(size)) != 0)
456 {
457 msg(M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
458 return false;
459 }
460 return true;
461#endif
462}
463
464void
465socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs, bool reduce_size)
466{
467 if (sbs)
468 {
469 const int sndbuf_old = socket_get_sndbuf(fd);
470 const int rcvbuf_old = socket_get_rcvbuf(fd);
471
472 if (sbs->sndbuf && (reduce_size || sndbuf_old < sbs->sndbuf))
473 {
474 socket_set_sndbuf(fd, sbs->sndbuf);
475 }
476
477 if (sbs->rcvbuf && (reduce_size || rcvbuf_old < sbs->rcvbuf))
478 {
479 socket_set_rcvbuf(fd, sbs->rcvbuf);
480 }
481
482 msg(D_OSBUF, "Socket Buffers: R=[%d->%d] S=[%d->%d]", rcvbuf_old, socket_get_rcvbuf(fd),
483 sndbuf_old, socket_get_sndbuf(fd));
484 }
485}
486
487/*
488 * Set other socket options
489 */
490
491static bool
492socket_set_tcp_nodelay(socket_descriptor_t sd, int state)
493{
494#if defined(_WIN32) || (defined(IPPROTO_TCP) && defined(TCP_NODELAY))
495 if (setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (void *)&state, sizeof(state)) != 0)
496 {
497 msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state);
498 return false;
499 }
500 else
501 {
502 dmsg(D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state);
503 return true;
504 }
505#else /* if defined(_WIN32) || (defined(IPPROTO_TCP) && defined(TCP_NODELAY)) */
506 msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state);
507 return false;
508#endif
509}
510
511static inline void
512socket_set_mark(socket_descriptor_t sd, int mark)
513{
514#if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
515 if (mark && setsockopt(sd, SOL_SOCKET, SO_MARK, (void *)&mark, sizeof(mark)) != 0)
516 {
517 msg(M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
518 }
519#endif
520}
521
522static bool
523socket_set_flags(socket_descriptor_t sd, unsigned int sockflags)
524{
525 /* SF_TCP_NODELAY doesn't make sense for dco-win */
526 if ((sockflags & SF_TCP_NODELAY) && (!(sockflags & SF_DCO_WIN)))
527 {
528 return socket_set_tcp_nodelay(sd, 1);
529 }
530 else
531 {
532 return true;
533 }
534}
535
536bool
537link_socket_update_flags(struct link_socket *sock, unsigned int sockflags)
538{
539 if (sock && socket_defined(sock->sd))
540 {
541 sock->sockflags |= sockflags;
542 return socket_set_flags(sock->sd, sock->sockflags);
543 }
544 else
545 {
546 return false;
547 }
548}
549
550void
551link_socket_update_buffer_sizes(struct link_socket *sock, int rcvbuf, int sndbuf)
552{
553 if (sock && socket_defined(sock->sd))
554 {
555 sock->socket_buffer_sizes.sndbuf = sndbuf;
556 sock->socket_buffer_sizes.rcvbuf = rcvbuf;
557 socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true);
558 }
559}
560
561/*
562 * SOCKET INITIALIZATION CODE.
563 * Create a TCP/UDP socket
564 */
565
566socket_descriptor_t
567create_socket_tcp(struct addrinfo *addrinfo)
568{
569 socket_descriptor_t sd;
570
571 ASSERT(addrinfo);
572 ASSERT(addrinfo->ai_socktype == SOCK_STREAM);
573
574 if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
575 {
576 msg(M_ERR, "Cannot create TCP socket");
577 }
578
579#ifndef _WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
580 /* set SO_REUSEADDR on socket */
581 {
582 int on = 1;
583 if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0)
584 {
585 msg(M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
586 }
587 }
588#endif
589
590 /* set socket file descriptor to not pass across execs, so that
591 * scripts don't have access to it */
592 set_cloexec(sd);
593
594 return sd;
595}
596
597static socket_descriptor_t
598create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
599{
600 socket_descriptor_t sd;
601
602 ASSERT(addrinfo);
603 ASSERT(addrinfo->ai_socktype == SOCK_DGRAM);
604
605 if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
606 {
607 msg(M_ERR, "UDP: Cannot create UDP/UDP6 socket");
608 }
609#if ENABLE_IP_PKTINFO
610 else if (flags & SF_USE_IP_PKTINFO)
611 {
612 int pad = 1;
613 if (addrinfo->ai_family == AF_INET)
614 {
615#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
616 if (setsockopt(sd, SOL_IP, IP_PKTINFO, (void *)&pad, sizeof(pad)) < 0)
617 {
618 msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO");
619 }
620#elif defined(IP_RECVDSTADDR)
621 if (setsockopt(sd, IPPROTO_IP, IP_RECVDSTADDR, (void *)&pad, sizeof(pad)) < 0)
622 {
623 msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
624 }
625#else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
626#error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
627#endif
628 }
629 else if (addrinfo->ai_family == AF_INET6)
630 {
631#ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
632 if (setsockopt(sd, IPPROTO_IPV6, IPV6_PKTINFO, (void *)&pad, sizeof(pad)) < 0)
633#else
634 if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVPKTINFO, (void *)&pad, sizeof(pad)) < 0)
635#endif
636 {
637 msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");
638 }
639 }
640 }
641#endif /* if ENABLE_IP_PKTINFO */
642
643 /* set socket file descriptor to not pass across execs, so that
644 * scripts don't have access to it */
645 set_cloexec(sd);
646
647 return sd;
648}
649
650static void
651bind_local(struct link_socket *sock, const sa_family_t ai_family)
652{
653 /* bind to local address/port */
654 if (sock->bind_local)
655 {
656 if (sock->socks_proxy && sock->info.proto == PROTO_UDP)
657 {
658 socket_bind(sock->ctrl_sd, sock->info.lsa->bind_local, ai_family, "SOCKS", false);
659 }
660 else
661 {
662 socket_bind(sock->sd, sock->info.lsa->bind_local, ai_family, "TCP/UDP",
663 sock->info.bind_ipv6_only);
664 }
665 }
666}
667
668static void
669create_socket(struct link_socket *sock, struct addrinfo *addr)
670{
671 if (addr->ai_protocol == IPPROTO_UDP || addr->ai_socktype == SOCK_DGRAM)
672 {
673 sock->sd = create_socket_udp(addr, sock->sockflags);
674 sock->sockflags |= SF_GETADDRINFO_DGRAM;
675
676 /* Assume that control socket and data socket to the socks proxy
677 * are using the same IP family */
678 if (sock->socks_proxy)
679 {
680 /* Construct a temporary addrinfo to create the socket,
681 * currently resolve two remote addresses is not supported,
682 * TODO: Rewrite the whole resolve_remote */
683 struct addrinfo addrinfo_tmp = *addr;
684 addrinfo_tmp.ai_socktype = SOCK_STREAM;
685 addrinfo_tmp.ai_protocol = IPPROTO_TCP;
686 sock->ctrl_sd = create_socket_tcp(&addrinfo_tmp);
687 }
688 }
689 else if (addr->ai_protocol == IPPROTO_TCP || addr->ai_socktype == SOCK_STREAM)
690 {
691 sock->sd = create_socket_tcp(addr);
692 }
693 else
694 {
695 ASSERT(0);
696 }
697 /* Set af field of sock->info, so it always reflects the address family
698 * of the created socket */
699 sock->info.af = addr->ai_family;
700
701 /* set socket buffers based on --sndbuf and --rcvbuf options */
702 socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true);
703
704 /* set socket to --mark packets with given value */
705 socket_set_mark(sock->sd, sock->mark);
706
707#if defined(TARGET_LINUX)
708 if (sock->bind_dev)
709 {
710 msg(M_INFO, "Using bind-dev %s", sock->bind_dev);
711 if (setsockopt(sock->sd, SOL_SOCKET, SO_BINDTODEVICE, sock->bind_dev,
712 strlen(sock->bind_dev) + 1)
713 != 0)
714 {
715 msg(M_WARN | M_ERRNO, "WARN: setsockopt SO_BINDTODEVICE=%s failed", sock->bind_dev);
716 }
717 }
718#endif
719
720 bind_local(sock, addr->ai_family);
721}
722
723#ifdef TARGET_ANDROID
724static void
725protect_fd_nonlocal(int fd, const struct sockaddr *addr)
726{
727 if (!management)
728 {
729 msg(M_FATAL, "Required management interface not available.");
730 }
731
732 /* pass socket FD to management interface to pass on to VPNService API
733 * as "protected socket" (exempt from being routed into tunnel)
734 */
735 if (addr_local(addr))
736 {
737 msg(D_SOCKET_DEBUG, "Address is local, not protecting socket fd %d", fd);
738 return;
739 }
740
741 msg(D_SOCKET_DEBUG, "Protecting socket fd %d", fd);
742 management->connection.fdtosend = fd;
743 management_android_control(management, "PROTECTFD", __func__);
744}
745#endif
746
747/*
748 * Functions used for establishing a TCP stream connection.
749 */
750static void
751socket_do_listen(socket_descriptor_t sd, const struct addrinfo *local, bool do_listen,
752 bool do_set_nonblock)
753{
754 struct gc_arena gc = gc_new();
755 if (do_listen)
756 {
757 ASSERT(local);
758 msg(M_INFO, "Listening for incoming TCP connection on %s",
759 print_sockaddr(local->ai_addr, &gc));
760 if (listen(sd, 32))
761 {
762 msg(M_ERR, "TCP: listen() failed");
763 }
764 }
765
766 /* set socket to non-blocking mode */
767 if (do_set_nonblock)
768 {
769 set_nonblock(sd);
770 }
771
772 gc_free(&gc);
773}
774
775socket_descriptor_t
776socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
777{
778 /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
779 * are compiled because act is empty here.
780 * could use getsockname() to support later remote_len check
781 */
782 socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family);
783 socklen_t remote_len = sizeof(act->dest.addr);
784 socket_descriptor_t new_sd = SOCKET_UNDEFINED;
785
786 CLEAR(*act);
787
788 if (nowait)
789 {
790 new_sd = getpeername(sd, &act->dest.addr.sa, &remote_len);
791
792 if (!socket_defined(new_sd))
793 {
794 msg(D_LINK_ERRORS | M_ERRNO, "TCP: getpeername() failed");
795 }
796 else
797 {
798 new_sd = sd;
799 }
800 }
801 else
802 {
803 new_sd = accept(sd, &act->dest.addr.sa, &remote_len);
804 }
805
806#if 0 /* For debugging only, test the effect of accept() failures */
807 {
808 static int foo = 0;
809 ++foo;
810 if (foo & 1)
811 {
812 new_sd = -1;
813 }
814 }
815#endif
816
817 if (!socket_defined(new_sd))
818 {
819 msg(D_LINK_ERRORS | M_ERRNO, "TCP: accept(%d) failed", (int)sd);
820 }
821 /* only valid if we have remote_len_af!=0 */
822 else if (remote_len_af && remote_len != remote_len_af)
823 {
824 msg(D_LINK_ERRORS,
825 "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
826 openvpn_close_socket(new_sd);
827 new_sd = SOCKET_UNDEFINED;
828 }
829 else
830 {
831 /* set socket file descriptor to not pass across execs, so that
832 * scripts don't have access to it */
833 set_cloexec(sd);
834 }
835 return new_sd;
836}
837
838static void
839tcp_connection_established(const struct link_socket_actual *act)
840{
841 struct gc_arena gc = gc_new();
842 msg(M_INFO, "TCP connection established with %s", print_link_socket_actual(act, &gc));
843 gc_free(&gc);
844}
845
846static socket_descriptor_t
847socket_listen_accept(socket_descriptor_t sd, struct link_socket_actual *act,
848 const char *remote_dynamic, const struct addrinfo *local, bool do_listen,
849 bool nowait, volatile int *signal_received)
850{
851 struct gc_arena gc = gc_new();
852 /* struct openvpn_sockaddr *remote = &act->dest; */
853 struct openvpn_sockaddr remote_verify = act->dest;
854 socket_descriptor_t new_sd = SOCKET_UNDEFINED;
855
856 CLEAR(*act);
857 socket_do_listen(sd, local, do_listen, true);
858
859 while (true)
860 {
861 int status;
862 fd_set reads;
863 struct timeval tv;
864
865 FD_ZERO(&reads);
866 openvpn_fd_set(sd, &reads);
867 tv.tv_sec = 0;
868 tv.tv_usec = 0;
869
870 status = select(sd + 1, &reads, NULL, NULL, &tv);
871
872 get_signal(signal_received);
873 if (*signal_received)
874 {
875 gc_free(&gc);
876 return sd;
877 }
878
879 if (status < 0)
880 {
881 msg(D_LINK_ERRORS | M_ERRNO, "TCP: select() failed");
882 }
883
884 if (status <= 0)
885 {
886 management_sleep(1);
887 continue;
888 }
889
890 new_sd = socket_do_accept(sd, act, nowait);
891
892 if (socket_defined(new_sd))
893 {
894 struct addrinfo *ai = NULL;
895 if (remote_dynamic)
896 {
897 openvpn_getaddrinfo(0, remote_dynamic, NULL, 1, NULL,
898 remote_verify.addr.sa.sa_family, &ai);
899 }
900
901 if (ai && !addrlist_match(&remote_verify, ai))
902 {
903 msg(M_WARN, "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
904 print_link_socket_actual(act, &gc));
905 if (openvpn_close_socket(new_sd))
906 {
907 msg(M_ERR, "TCP: close socket failed (new_sd)");
908 }
909 freeaddrinfo(ai);
910 }
911 else
912 {
913 if (ai)
914 {
915 freeaddrinfo(ai);
916 }
917 break;
918 }
919 }
920 management_sleep(1);
921 }
922
923 if (!nowait && openvpn_close_socket(sd))
924 {
925 msg(M_ERR, "TCP: close socket failed (sd)");
926 }
927
928 tcp_connection_established(act);
929
930 gc_free(&gc);
931 return new_sd;
932}
933
934void
935socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix,
936 bool ipv6only)
937{
938 struct gc_arena gc = gc_new();
939
940 /* FIXME (schwabe)
941 * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6
942 * entries for the requested protocol.
943 * For example if an address has multiple A records
944 * What is the correct way to deal with it?
945 */
946
947 struct addrinfo *cur;
948
949 ASSERT(local);
950
951
952 /* find the first addrinfo with correct ai_family */
953 for (cur = local; cur; cur = cur->ai_next)
954 {
955 if (cur->ai_family == ai_family)
956 {
957 break;
958 }
959 }
960 if (!cur)
961 {
962 msg(M_FATAL, "%s: Socket bind failed: Addr to bind has no %s record", prefix,
963 addr_family_name(ai_family));
964 }
965
966 if (ai_family == AF_INET6)
967 {
968 int v6only = ipv6only ? 1 : 0; /* setsockopt must have an "int" */
969
970 msg(M_INFO, "setsockopt(IPV6_V6ONLY=%d)", v6only);
971 if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&v6only, sizeof(v6only)))
972 {
973 msg(M_NONFATAL | M_ERRNO, "Setting IPV6_V6ONLY=%d failed", v6only);
974 }
975 }
976 if (bind(sd, cur->ai_addr, cur->ai_addrlen))
977 {
978 msg(M_FATAL | M_ERRNO, "%s: Socket bind failed on local address %s", prefix,
979 print_sockaddr_ex(local->ai_addr, ":", PS_SHOW_PORT, &gc));
980 }
981 gc_free(&gc);
982}
983
984int
985openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout,
986 volatile int *signal_received)
987{
988 int status = 0;
989
990#ifdef TARGET_ANDROID
991 protect_fd_nonlocal(sd, remote);
992#endif
993 set_nonblock(sd);
994 status = connect(sd, remote, af_addr_size(remote->sa_family));
995 if (status)
996 {
997 status = openvpn_errno();
998 }
999 if (
1000#ifdef _WIN32
1001 status == WSAEWOULDBLOCK
1002#else
1003 status == EINPROGRESS
1004#endif
1005 )
1006 {
1007 while (true)
1008 {
1009#if POLL
1010 struct pollfd fds[1];
1011 fds[0].fd = sd;
1012 fds[0].events = POLLOUT;
1013 status = poll(fds, 1, (connect_timeout > 0) ? 1000 : 0);
1014#else
1015 fd_set writes;
1016 struct timeval tv;
1017
1018 FD_ZERO(&writes);
1019 openvpn_fd_set(sd, &writes);
1020 tv.tv_sec = (connect_timeout > 0) ? 1 : 0;
1021 tv.tv_usec = 0;
1022
1023 status = select(sd + 1, NULL, &writes, NULL, &tv);
1024#endif
1025 if (signal_received)
1026 {
1027 get_signal(signal_received);
1028 if (*signal_received)
1029 {
1030 status = 0;
1031 break;
1032 }
1033 }
1034 if (status < 0)
1035 {
1036 status = openvpn_errno();
1037 break;
1038 }
1039 if (status <= 0)
1040 {
1041 if (--connect_timeout < 0)
1042 {
1043#ifdef _WIN32
1044 status = WSAETIMEDOUT;
1045#else
1046 status = ETIMEDOUT;
1047#endif
1048 break;
1049 }
1050 management_sleep(0);
1051 continue;
1052 }
1053
1054 /* got it */
1055 {
1056 int val = 0;
1057 socklen_t len;
1058
1059 len = sizeof(val);
1060 if (getsockopt(sd, SOL_SOCKET, SO_ERROR, (void *)&val, &len) == 0
1061 && len == sizeof(val))
1062 {
1063 status = val;
1064 }
1065 else
1066 {
1067 status = openvpn_errno();
1068 }
1069 break;
1070 }
1071 }
1072 }
1073
1074 return status;
1075}
1076
1077void
1078set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
1079{
1080 CLEAR(*actual);
1081 ASSERT(ai);
1082
1083 if (ai->ai_family == AF_INET)
1084 {
1085 actual->dest.addr.in4 = *((struct sockaddr_in *)ai->ai_addr);
1086 }
1087 else if (ai->ai_family == AF_INET6)
1088 {
1089 actual->dest.addr.in6 = *((struct sockaddr_in6 *)ai->ai_addr);
1090 }
1091 else
1092 {
1093 ASSERT(0);
1094 }
1095}
1096
1097static void
1098socket_connect(socket_descriptor_t *sd, const struct sockaddr *dest, const int connect_timeout,
1099 struct signal_info *sig_info)
1100{
1101 struct gc_arena gc = gc_new();
1102 int status;
1103
1104 msg(M_INFO, "Attempting to establish TCP connection with %s", print_sockaddr(dest, &gc));
1105
1106#ifdef ENABLE_MANAGEMENT
1107 if (management)
1108 {
1109 management_set_state(management, OPENVPN_STATE_TCP_CONNECT, NULL, NULL, NULL, NULL, NULL);
1110 }
1111#endif
1112
1113 /* Set the actual address */
1114 status = openvpn_connect(*sd, dest, connect_timeout, &sig_info->signal_received);
1115
1116 get_signal(&sig_info->signal_received);
1117 if (sig_info->signal_received)
1118 {
1119 goto done;
1120 }
1121
1122 if (status)
1123 {
1124 msg(D_LINK_ERRORS, "TCP: connect to %s failed: %s", print_sockaddr(dest, &gc),
1125 strerror(status));
1126
1127 openvpn_close_socket(*sd);
1128 *sd = SOCKET_UNDEFINED;
1129 register_signal(sig_info, SIGUSR1, "connection-failed");
1130 }
1131 else
1132 {
1133 msg(M_INFO, "TCP connection established with %s", print_sockaddr(dest, &gc));
1134 }
1135
1136done:
1137 gc_free(&gc);
1138}
1139
1140/*
1141 * Stream buffer handling prototypes -- stream_buf is a helper class
1142 * to assist in the packetization of stream transport protocols
1143 * such as TCP.
1144 */
1145
1146static void stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags,
1147 const int proto);
1148
1149static void stream_buf_close(struct stream_buf *sb);
1150
1151static bool stream_buf_added(struct stream_buf *sb, int length_added);
1152
1153/* For stream protocols, allocate a buffer to build up packet.
1154 * Called after frame has been finalized. */
1155
1156static void
1157socket_frame_init(const struct frame *frame, struct link_socket *sock)
1158{
1159#ifdef _WIN32
1160 overlapped_io_init(&sock->reads, frame, FALSE);
1161 overlapped_io_init(&sock->writes, frame, TRUE);
1162 sock->rw_handle.read = sock->reads.overlapped.hEvent;
1163 sock->rw_handle.write = sock->writes.overlapped.hEvent;
1164#endif
1165
1166 if (link_socket_connection_oriented(sock))
1167 {
1168#ifdef _WIN32
1169 stream_buf_init(&sock->stream_buf, &sock->reads.buf_init, sock->sockflags,
1170 sock->info.proto);
1171#else
1172 alloc_buf_sock_tun(&sock->stream_buf_data, frame);
1173
1174 stream_buf_init(&sock->stream_buf, &sock->stream_buf_data, sock->sockflags,
1175 sock->info.proto);
1176#endif
1177 }
1178}
1179
1180static void
1181resolve_bind_local(struct link_socket *sock, const sa_family_t af)
1182{
1183 struct gc_arena gc = gc_new();
1184
1185 /* resolve local address if undefined */
1186 if (!sock->info.lsa->bind_local)
1187 {
1188 int flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL | GETADDR_PASSIVE;
1189 int status;
1190
1191 if (proto_is_dgram(sock->info.proto))
1192 {
1193 flags |= GETADDR_DATAGRAM;
1194 }
1195
1196 /* will return AF_{INET|INET6}from local_host */
1197 status = get_cached_dns_entry(sock->dns_cache, sock->local_host, sock->local_port, af,
1198 flags, &sock->info.lsa->bind_local);
1199
1200 if (status)
1201 {
1202 status = openvpn_getaddrinfo(flags, sock->local_host, sock->local_port, 0, NULL, af,
1203 &sock->info.lsa->bind_local);
1204 }
1205
1206 if (status != 0)
1207 {
1208 msg(M_FATAL, "getaddrinfo() failed for local \"%s:%s\": %s", sock->local_host,
1209 sock->local_port, gai_strerror(status));
1210 }
1211
1212 /* the address family returned by openvpn_getaddrinfo() should be
1213 * taken into consideration only if we really passed an hostname
1214 * to resolve. Otherwise its value is not useful to us and may
1215 * actually break our socket, i.e. when it returns AF_INET
1216 * but our remote is v6 only.
1217 */
1218 if (sock->local_host)
1219 {
1220 /* the resolved 'local entry' might have a different family than
1221 * what was globally configured
1222 */
1223 sock->info.af = sock->info.lsa->bind_local->ai_family;
1224 }
1225 }
1226
1227 gc_free(&gc);
1228}
1229
1230static void
1231resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic,
1232 struct signal_info *sig_info)
1233{
1234 volatile int *signal_received = sig_info ? &sig_info->signal_received : NULL;
1235 struct gc_arena gc = gc_new();
1236
1237 /* resolve remote address if undefined */
1238 if (!sock->info.lsa->remote_list)
1239 {
1240 if (sock->remote_host)
1241 {
1242 unsigned int flags =
1243 sf2gaf(GETADDR_RESOLVE | GETADDR_UPDATE_MANAGEMENT_STATE, sock->sockflags);
1244 int retry = 0;
1245 int status = -1;
1246 struct addrinfo *ai;
1247 if (proto_is_dgram(sock->info.proto))
1248 {
1249 flags |= GETADDR_DATAGRAM;
1250 }
1251
1252 if (sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE)
1253 {
1254 if (phase == 2)
1255 {
1256 flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL);
1257 }
1258 retry = 0;
1259 }
1260 else if (phase == 1)
1261 {
1262 if (sock->resolve_retry_seconds)
1263 {
1264 retry = 0;
1265 }
1266 else
1267 {
1268 flags |= (GETADDR_FATAL | GETADDR_MENTION_RESOLVE_RETRY);
1269 retry = 0;
1270 }
1271 }
1272 else if (phase == 2)
1273 {
1274 if (sock->resolve_retry_seconds)
1275 {
1276 flags |= GETADDR_FATAL;
1277 retry = sock->resolve_retry_seconds;
1278 }
1279 else
1280 {
1281 ASSERT(0);
1282 }
1283 }
1284 else
1285 {
1286 ASSERT(0);
1287 }
1288
1289
1290 status = get_cached_dns_entry(sock->dns_cache, sock->remote_host, sock->remote_port,
1291 sock->info.af, flags, &ai);
1292 if (status)
1293 {
1294 status = openvpn_getaddrinfo(flags, sock->remote_host, sock->remote_port, retry,
1295 sig_info, sock->info.af, &ai);
1296 }
1297
1298 if (status == 0)
1299 {
1300 sock->info.lsa->remote_list = ai;
1301 sock->info.lsa->current_remote = ai;
1302
1303 dmsg(D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
1304 flags, phase, retry, signal_received ? *signal_received : -1, status);
1305 }
1306 if (signal_received && *signal_received)
1307 {
1308 goto done;
1309 }
1310 if (status != 0)
1311 {
1312 if (signal_received)
1313 {
1314 /* potential overwrite of signal */
1315 register_signal(sig_info, SIGUSR1, "socks-resolve-failure");
1316 }
1317 goto done;
1318 }
1319 }
1320 }
1321
1322 /* should we re-use previous active remote address? */
1323 if (link_socket_actual_defined(&sock->info.lsa->actual))
1324 {
1325 msg(M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
1326 print_link_socket_actual(&sock->info.lsa->actual, &gc));
1327 if (remote_dynamic)
1328 {
1329 *remote_dynamic = NULL;
1330 }
1331 }
1332 else
1333 {
1334 CLEAR(sock->info.lsa->actual);
1335 if (sock->info.lsa->current_remote)
1336 {
1337 set_actual_address(&sock->info.lsa->actual, sock->info.lsa->current_remote);
1338 }
1339 }
1340
1341done:
1342 gc_free(&gc);
1343}
1344
1345
1346struct link_socket *
1347link_socket_new(void)
1348{
1349 struct link_socket *sock;
1350
1351 ALLOC_OBJ_CLEAR(sock, struct link_socket);
1352 sock->sd = SOCKET_UNDEFINED;
1353 sock->ctrl_sd = SOCKET_UNDEFINED;
1354 sock->ev_arg.type = EVENT_ARG_LINK_SOCKET;
1355 sock->ev_arg.u.sock = sock;
1356
1357 return sock;
1358}
1359
1360void
1361link_socket_init_phase1(struct context *c, int sock_index, int mode)
1362{
1363 struct link_socket *sock = c->c2.link_sockets[sock_index];
1364 struct options *o = &c->options;
1365 ASSERT(sock);
1366
1367 const char *host = o->ce.local_list->array[sock_index]->local;
1368 const char *port = o->ce.local_list->array[sock_index]->port;
1369 int proto = o->ce.local_list->array[sock_index]->proto;
1370 const char *remote_host = o->ce.remote;
1371 const char *remote_port = o->ce.remote_port;
1372
1373 if (remote_host)
1374 {
1375 proto = o->ce.proto;
1376 }
1377
1378 if (c->mode == CM_CHILD_TCP || c->mode == CM_CHILD_UDP)
1379 {
1380 struct link_socket *tmp_sock = NULL;
1381 if (c->mode == CM_CHILD_TCP)
1382 {
1383 tmp_sock = (struct link_socket *)c->c2.accept_from;
1384 }
1385 else if (c->mode == CM_CHILD_UDP)
1386 {
1387 tmp_sock = c->c2.link_sockets[0];
1388 }
1389
1390 host = tmp_sock->local_host;
1391 port = tmp_sock->local_port;
1392 proto = tmp_sock->info.proto;
1393 }
1394
1395 sock->local_host = host;
1396 sock->local_port = port;
1397 sock->remote_host = remote_host;
1398 sock->remote_port = remote_port;
1399 sock->dns_cache = c->c1.dns_cache;
1400 sock->http_proxy = c->c1.http_proxy;
1401 sock->socks_proxy = c->c1.socks_proxy;
1402 sock->bind_local = o->ce.bind_local;
1403 sock->resolve_retry_seconds = o->resolve_retry_seconds;
1404 sock->mtu_discover_type = o->ce.mtu_discover_type;
1405
1406#ifdef ENABLE_DEBUG
1407 sock->gremlin = o->gremlin;
1408#endif
1409
1410 sock->socket_buffer_sizes.rcvbuf = o->rcvbuf;
1411 sock->socket_buffer_sizes.sndbuf = o->sndbuf;
1412
1413 sock->sockflags = o->sockflags;
1414
1415#if PORT_SHARE
1416 if (o->port_share_host && o->port_share_port)
1417 {
1418 sock->sockflags |= SF_PORT_SHARE;
1419 }
1420#endif
1421
1422 sock->mark = o->mark;
1423 sock->bind_dev = o->bind_dev;
1424 sock->info.proto = proto;
1425 sock->info.af = o->ce.af;
1426 sock->info.remote_float = o->ce.remote_float;
1427 sock->info.lsa = &c->c1.link_socket_addrs[sock_index];
1428 sock->info.bind_ipv6_only = o->ce.bind_ipv6_only;
1429 sock->info.ipchange_command = o->ipchange;
1430 sock->info.plugins = c->plugins;
1431 sock->server_poll_timeout = &c->c2.server_poll_interval;
1432
1433 sock->mode = mode;
1434 if (mode == LS_MODE_TCP_ACCEPT_FROM)
1435 {
1436 ASSERT(c->c2.accept_from);
1437 ASSERT(sock->info.proto == PROTO_TCP_SERVER);
1438 sock->sd = c->c2.accept_from->sd;
1439 /* inherit (possibly guessed) info AF from parent context */
1440 sock->info.af = c->c2.accept_from->info.af;
1441 }
1442
1443 /* are we running in HTTP proxy mode? */
1444 if (sock->http_proxy)
1445 {
1446 ASSERT(sock->info.proto == PROTO_TCP_CLIENT);
1447
1448 /* the proxy server */
1449 sock->remote_host = c->c1.http_proxy->options.server;
1450 sock->remote_port = c->c1.http_proxy->options.port;
1451
1452 /* the OpenVPN server we will use the proxy to connect to */
1453 sock->proxy_dest_host = remote_host;
1454 sock->proxy_dest_port = remote_port;
1455 }
1456 /* or in Socks proxy mode? */
1457 else if (sock->socks_proxy)
1458 {
1459 /* the proxy server */
1460 sock->remote_host = c->c1.socks_proxy->server;
1461 sock->remote_port = c->c1.socks_proxy->port;
1462
1463 /* the OpenVPN server we will use the proxy to connect to */
1464 sock->proxy_dest_host = remote_host;
1465 sock->proxy_dest_port = remote_port;
1466 }
1467 else
1468 {
1469 sock->remote_host = remote_host;
1470 sock->remote_port = remote_port;
1471 }
1472
1473 /* bind behavior for TCP server vs. client */
1474 if (sock->info.proto == PROTO_TCP_SERVER)
1475 {
1476 if (sock->mode == LS_MODE_TCP_ACCEPT_FROM)
1477 {
1478 sock->bind_local = false;
1479 }
1480 else
1481 {
1482 sock->bind_local = true;
1483 }
1484 }
1485
1486 if (mode != LS_MODE_TCP_ACCEPT_FROM)
1487 {
1488 if (sock->bind_local)
1489 {
1490 resolve_bind_local(sock, sock->info.af);
1491 }
1492 resolve_remote(sock, 1, NULL, NULL);
1493 }
1494}
1495
1496static void
1497phase2_set_socket_flags(struct link_socket *sock)
1498{
1499 /* set misc socket parameters */
1500 socket_set_flags(sock->sd, sock->sockflags);
1501
1502 /* set socket to non-blocking mode */
1503 set_nonblock(sock->sd);
1504
1505 /* set Path MTU discovery options on the socket */
1506 set_mtu_discover_type(sock->sd, sock->mtu_discover_type, sock->info.af);
1507
1508#if EXTENDED_SOCKET_ERROR_CAPABILITY
1509 /* if the OS supports it, enable extended error passing on the socket */
1510 set_sock_extended_error_passing(sock->sd, sock->info.af);
1511#endif
1512}
1513
1514
1515static void
1516linksock_print_addr(struct link_socket *sock)
1517{
1518 struct gc_arena gc = gc_new();
1519 const int msglevel = (sock->mode == LS_MODE_TCP_ACCEPT_FROM) ? D_INIT_MEDIUM : M_INFO;
1520
1521 /* print local address */
1522 if (sock->bind_local)
1523 {
1524 sa_family_t ai_family = sock->info.lsa->actual.dest.addr.sa.sa_family;
1525 /* Socket is always bound on the first matching address,
1526 * For bound sockets with no remote addr this is the element of
1527 * the list */
1528 struct addrinfo *cur;
1529 for (cur = sock->info.lsa->bind_local; cur; cur = cur->ai_next)
1530 {
1531 if (!ai_family || ai_family == cur->ai_family)
1532 {
1533 break;
1534 }
1535 }
1536 ASSERT(cur);
1537 msg(msglevel, "%s link local (bound): %s",
1538 proto2ascii(sock->info.proto, sock->info.af, true), print_sockaddr(cur->ai_addr, &gc));
1539 }
1540 else
1541 {
1542 msg(msglevel, "%s link local: (not bound)",
1543 proto2ascii(sock->info.proto, sock->info.af, true));
1544 }
1545
1546 /* print active remote address */
1547 msg(msglevel, "%s link remote: %s", proto2ascii(sock->info.proto, sock->info.af, true),
1548 print_link_socket_actual_ex(&sock->info.lsa->actual, ":", PS_SHOW_PORT_IF_DEFINED, &gc));
1549 gc_free(&gc);
1550}
1551
1552static void
1553phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic,
1554 struct signal_info *sig_info)
1555{
1556 ASSERT(sig_info);
1557 volatile int *signal_received = &sig_info->signal_received;
1558 switch (sock->mode)
1559 {
1560 case LS_MODE_DEFAULT:
1561 sock->sd =
1562 socket_listen_accept(sock->sd, &sock->info.lsa->actual, remote_dynamic,
1563 sock->info.lsa->bind_local, true, false, signal_received);
1564 break;
1565
1566 case LS_MODE_TCP_LISTEN:
1567 socket_do_listen(sock->sd, sock->info.lsa->bind_local, true, false);
1568 break;
1569
1570 case LS_MODE_TCP_ACCEPT_FROM:
1571 sock->sd = socket_do_accept(sock->sd, &sock->info.lsa->actual, false);
1572 if (!socket_defined(sock->sd))
1573 {
1574 register_signal(sig_info, SIGTERM, "socket-undefined");
1575 return;
1576 }
1577 tcp_connection_established(&sock->info.lsa->actual);
1578 break;
1579
1580 default:
1581 ASSERT(0);
1582 }
1583}
1584
1585
1586static void
1587phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
1588{
1589 bool proxy_retry = false;
1590 do
1591 {
1592 socket_connect(&sock->sd, sock->info.lsa->current_remote->ai_addr,
1593 get_server_poll_remaining_time(sock->server_poll_timeout), sig_info);
1594
1595 if (sig_info->signal_received)
1596 {
1597 return;
1598 }
1599
1600 if (sock->http_proxy)
1601 {
1602 proxy_retry = establish_http_proxy_passthru(
1603 sock->http_proxy, sock->sd, sock->proxy_dest_host, sock->proxy_dest_port,
1604 sock->server_poll_timeout, &sock->stream_buf.residual, sig_info);
1605 }
1606 else if (sock->socks_proxy)
1607 {
1608 establish_socks_proxy_passthru(sock->socks_proxy, sock->sd, sock->proxy_dest_host,
1609 sock->proxy_dest_port, sock->server_poll_timeout,
1610 sig_info);
1611 }
1612 if (proxy_retry)
1613 {
1614 openvpn_close_socket(sock->sd);
1615 sock->sd = create_socket_tcp(sock->info.lsa->current_remote);
1616 }
1617
1618 } while (proxy_retry);
1619}
1620
1621static void
1622phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
1623{
1624 socket_connect(&sock->ctrl_sd, sock->info.lsa->current_remote->ai_addr,
1625 get_server_poll_remaining_time(sock->server_poll_timeout), sig_info);
1626
1627 if (sig_info->signal_received)
1628 {
1629 return;
1630 }
1631
1632 establish_socks_proxy_udpassoc(sock->socks_proxy, sock->ctrl_sd, &sock->socks_relay.dest,
1633 sock->server_poll_timeout, sig_info);
1634
1635 if (sig_info->signal_received)
1636 {
1637 return;
1638 }
1639
1640 sock->remote_host = sock->proxy_dest_host;
1641 sock->remote_port = sock->proxy_dest_port;
1642
1643 addr_zero_host(&sock->info.lsa->actual.dest);
1644 if (sock->info.lsa->remote_list)
1645 {
1646 freeaddrinfo(sock->info.lsa->remote_list);
1647 sock->info.lsa->current_remote = NULL;
1648 sock->info.lsa->remote_list = NULL;
1649 }
1650
1651 resolve_remote(sock, 1, NULL, sig_info);
1652}
1653
1654#if defined(_WIN32)
1655static void
1656create_socket_dco_win(struct context *c, struct link_socket *sock, struct signal_info *sig_info)
1657{
1658 /* in P2P mode we must have remote resolved at this point */
1659 struct addrinfo *remoteaddr = sock->info.lsa->current_remote;
1660 if ((c->options.mode == MODE_POINT_TO_POINT) && (!remoteaddr))
1661 {
1662 return;
1663 }
1664
1665 if (!c->c1.tuntap)
1666 {
1667 struct tuntap *tt;
1668 ALLOC_OBJ_CLEAR(tt, struct tuntap);
1669
1670 tt->backend_driver = DRIVER_DCO;
1671 tt->options.msg_channel = c->options.msg_channel;
1672
1673 const char *device_guid = NULL; /* not used */
1674 tun_open_device(tt, c->options.dev_node, &device_guid, &c->gc);
1675
1676 /* Ensure we can "safely" cast the handle to a socket */
1677 static_assert(sizeof(sock->sd) == sizeof(tt->hand), "HANDLE and SOCKET size differs");
1678
1679 c->c1.tuntap = tt;
1680 }
1681
1682 if (c->options.mode == MODE_SERVER)
1683 {
1684 dco_mp_start_vpn(c->c1.tuntap->hand, sock);
1685 }
1686 else
1687 {
1688 dco_p2p_new_peer(c->c1.tuntap->hand, &c->c1.tuntap->dco_new_peer_ov, sock, sig_info);
1689 }
1690 sock->sockflags |= SF_DCO_WIN;
1691
1692 if (sig_info->signal_received)
1693 {
1694 return;
1695 }
1696
1697 sock->sd = (SOCKET)c->c1.tuntap->hand;
1698 linksock_print_addr(sock);
1699}
1700#endif /* if defined(_WIN32) */
1701
1702/* finalize socket initialization */
1703void
1704link_socket_init_phase2(struct context *c, struct link_socket *sock)
1705{
1706 const struct frame *frame = &c->c2.frame;
1707 struct signal_info *sig_info = c->sig;
1708
1709 const char *remote_dynamic = NULL;
1710 struct signal_info sig_save = { 0 };
1711
1712 ASSERT(sock);
1713 ASSERT(sig_info);
1714
1715 if (sig_info->signal_received)
1716 {
1717 sig_save = *sig_info;
1718 sig_save.signal_received = signal_reset(sig_info, 0);
1719 }
1720
1721 /* initialize buffers */
1722 socket_frame_init(frame, sock);
1723
1724 /*
1725 * Pass a remote name to connect/accept so that
1726 * they can test for dynamic IP address changes
1727 * and throw a SIGUSR1 if appropriate.
1728 */
1729 if (sock->resolve_retry_seconds)
1730 {
1731 remote_dynamic = sock->remote_host;
1732 }
1733
1734 /* Second chance to resolv/create socket */
1735 resolve_remote(sock, 2, &remote_dynamic, sig_info);
1736
1737 /* If a valid remote has been found, create the socket with its addrinfo */
1738#if defined(_WIN32)
1739 if (dco_enabled(&c->options))
1740 {
1741 create_socket_dco_win(c, sock, sig_info);
1742 goto done;
1743 }
1744#endif
1745 if (sock->info.lsa->current_remote)
1746 {
1747 create_socket(sock, sock->info.lsa->current_remote);
1748 }
1749
1750 /* If socket has not already been created create it now */
1751 if (sock->sd == SOCKET_UNDEFINED)
1752 {
1753 /* If we have no --remote and have still not figured out the
1754 * protocol family to use we will use the first of the bind */
1755
1756 if (sock->bind_local && !sock->remote_host && sock->info.lsa->bind_local)
1757 {
1758 /* Warn if this is because neither v4 or v6 was specified
1759 * and we should not connect a remote */
1760 if (sock->info.af == AF_UNSPEC)
1761 {
1762 msg(M_WARN, "Could not determine IPv4/IPv6 protocol. Using %s",
1763 addr_family_name(sock->info.lsa->bind_local->ai_family));
1764 sock->info.af = sock->info.lsa->bind_local->ai_family;
1765 }
1766 create_socket(sock, sock->info.lsa->bind_local);
1767 }
1768 }
1769
1770 /* Socket still undefined, give a warning and abort connection */
1771 if (sock->sd == SOCKET_UNDEFINED)
1772 {
1773 msg(M_WARN, "Could not determine IPv4/IPv6 protocol");
1774 register_signal(sig_info, SIGUSR1, "Could not determine IPv4/IPv6 protocol");
1775 goto done;
1776 }
1777
1778 if (sig_info->signal_received)
1779 {
1780 goto done;
1781 }
1782
1783 if (sock->info.proto == PROTO_TCP_SERVER)
1784 {
1785 phase2_tcp_server(sock, remote_dynamic, sig_info);
1786 }
1787 else if (sock->info.proto == PROTO_TCP_CLIENT)
1788 {
1789 phase2_tcp_client(sock, sig_info);
1790 }
1791 else if (sock->info.proto == PROTO_UDP && sock->socks_proxy)
1792 {
1793 phase2_socks_client(sock, sig_info);
1794 }
1795#ifdef TARGET_ANDROID
1796 if (sock->sd != -1)
1797 {
1798 protect_fd_nonlocal(sock->sd, &sock->info.lsa->actual.dest.addr.sa);
1799 }
1800#endif
1801 if (sig_info->signal_received)
1802 {
1803 goto done;
1804 }
1805
1806 phase2_set_socket_flags(sock);
1807 linksock_print_addr(sock);
1808
1809done:
1810 if (sig_save.signal_received)
1811 {
1812 /* Always restore the saved signal -- register/throw_signal will handle priority */
1813 if (sig_save.source == SIG_SOURCE_HARD && sig_info == &siginfo_static)
1814 {
1815 throw_signal(sig_save.signal_received);
1816 }
1817 else
1818 {
1819 register_signal(sig_info, sig_save.signal_received, sig_save.signal_text);
1820 }
1821 }
1822}
1823
1824void
1825link_socket_close(struct link_socket *sock)
1826{
1827 if (sock)
1828 {
1829#ifdef ENABLE_DEBUG
1830 const int gremlin = GREMLIN_CONNECTION_FLOOD_LEVEL(sock->gremlin);
1831#else
1832 const int gremlin = 0;
1833#endif
1834
1835 if (socket_defined(sock->sd))
1836 {
1837#ifdef _WIN32
1838 close_net_event_win32(&sock->listen_handle, sock->sd, 0);
1839#endif
1840 if (!gremlin)
1841 {
1842 msg(D_LOW, "TCP/UDP: Closing socket");
1843 if (openvpn_close_socket(sock->sd))
1844 {
1845 msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket failed");
1846 }
1847 }
1848 sock->sd = SOCKET_UNDEFINED;
1849#ifdef _WIN32
1850 if (!gremlin)
1851 {
1852 overlapped_io_close(&sock->reads);
1853 overlapped_io_close(&sock->writes);
1854 }
1855#endif
1856 }
1857
1858 if (socket_defined(sock->ctrl_sd))
1859 {
1860 if (openvpn_close_socket(sock->ctrl_sd))
1861 {
1862 msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket (ctrl_sd) failed");
1863 }
1864 sock->ctrl_sd = SOCKET_UNDEFINED;
1865 }
1866
1867 stream_buf_close(&sock->stream_buf);
1868 free_buf(&sock->stream_buf_data);
1869 if (!gremlin)
1870 {
1871 free(sock);
1872 }
1873 }
1874}
1875
1876void
1877setenv_trusted(struct env_set *es, const struct link_socket_info *info)
1878{
1879 setenv_link_socket_actual(es, "trusted", &info->lsa->actual, SA_IP_PORT);
1880}
1881
1882static void
1883ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info,
1884 struct gc_arena *gc)
1885{
1886 const char *host = print_sockaddr_ex(&info->lsa->actual.dest.addr.sa, " ", PS_SHOW_PORT, gc);
1887 if (include_cmd)
1888 {
1889 argv_parse_cmd(argv, info->ipchange_command);
1890 argv_printf_cat(argv, "%s", host);
1891 }
1892 else
1893 {
1894 argv_printf(argv, "%s", host);
1895 }
1896}
1897
1898void
1899link_socket_connection_initiated(struct link_socket_info *info,
1900 const struct link_socket_actual *act, const char *common_name,
1901 struct env_set *es)
1902{
1903 struct gc_arena gc = gc_new();
1904
1905 info->lsa->actual = *act; /* Note: skip this line for --force-dest */
1906 setenv_trusted(es, info);
1907 info->connection_established = true;
1908
1909 /* Print connection initiated message, with common name if available */
1910 {
1911 struct buffer out = alloc_buf_gc(256, &gc);
1912 if (common_name)
1913 {
1914 buf_printf(&out, "[%s] ", common_name);
1915 }
1916 buf_printf(&out, "Peer Connection Initiated with %s",
1917 print_link_socket_actual(&info->lsa->actual, &gc));
1918 msg(M_INFO, "%s", BSTR(&out));
1919 }
1920
1921 /* set environmental vars */
1922 setenv_str(es, "common_name", common_name);
1923
1924 /* Process --ipchange plugin */
1925 if (plugin_defined(info->plugins, OPENVPN_PLUGIN_IPCHANGE))
1926 {
1927 struct argv argv = argv_new();
1928 ipchange_fmt(false, &argv, info, &gc);
1929 if (plugin_call(info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es)
1930 != OPENVPN_PLUGIN_FUNC_SUCCESS)
1931 {
1932 msg(M_WARN, "WARNING: ipchange plugin call failed");
1933 }
1934 argv_free(&argv);
1935 }
1936
1937 /* Process --ipchange option */
1938 if (info->ipchange_command)
1939 {
1940 struct argv argv = argv_new();
1941 setenv_str(es, "script_type", "ipchange");
1942 ipchange_fmt(true, &argv, info, &gc);
1943 openvpn_run_script(&argv, es, 0, "--ipchange");
1944 argv_free(&argv);
1945 }
1946
1947 gc_free(&gc);
1948}
1949
1950void
1951link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info,
1952 const struct link_socket_actual *from_addr)
1953{
1954 struct gc_arena gc = gc_new();
1955 struct addrinfo *ai;
1956
1957 switch (from_addr->dest.addr.sa.sa_family)
1958 {
1959 case AF_INET:
1960 case AF_INET6:
1961 msg(D_LINK_ERRORS,
1962 "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
1963 print_link_socket_actual(from_addr, &gc), (int)from_addr->dest.addr.sa.sa_family,
1964 print_sockaddr_ex(info->lsa->remote_list->ai_addr, ":", PS_SHOW_PORT, &gc));
1965 /* print additional remote addresses */
1966 for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next)
1967 {
1968 msg(D_LINK_ERRORS, "or from peer address: %s",
1969 print_sockaddr_ex(ai->ai_addr, ":", PS_SHOW_PORT, &gc));
1970 }
1971 break;
1972 }
1973 buf->len = 0;
1974 gc_free(&gc);
1975}
1976
1977void
1978link_socket_bad_outgoing_addr(void)
1979{
1980 dmsg(D_READ_WRITE, "TCP/UDP: No outgoing address to send packet");
1981}
1982
1983in_addr_t
1984link_socket_current_remote(const struct link_socket_info *info)
1985{
1986 const struct link_socket_addr *lsa = info->lsa;
1987
1988 /*
1989 * This logic supports "redirect-gateway" semantic, which
1990 * makes sense only for PF_INET routes over PF_INET endpoints
1991 *
1992 * Maybe in the future consider PF_INET6 endpoints also ...
1993 * by now just ignore it
1994 *
1995 * For --remote entries with multiple addresses this
1996 * only return the actual endpoint we have successfully connected to
1997 */
1998 if (lsa->actual.dest.addr.sa.sa_family != AF_INET)
1999 {
2000 return IPV4_INVALID_ADDR;
2001 }
2002
2003 if (link_socket_actual_defined(&lsa->actual))
2004 {
2005 return ntohl(lsa->actual.dest.addr.in4.sin_addr.s_addr);
2006 }
2007 else if (lsa->current_remote)
2008 {
2009 return ntohl(((struct sockaddr_in *)lsa->current_remote->ai_addr)->sin_addr.s_addr);
2010 }
2011 else
2012 {
2013 return 0;
2014 }
2015}
2016
2017const struct in6_addr *
2018link_socket_current_remote_ipv6(const struct link_socket_info *info)
2019{
2020 const struct link_socket_addr *lsa = info->lsa;
2021
2022 /* This logic supports "redirect-gateway" semantic,
2023 * for PF_INET6 routes over PF_INET6 endpoints
2024 *
2025 * For --remote entries with multiple addresses this
2026 * only return the actual endpoint we have successfully connected to
2027 */
2028 if (lsa->actual.dest.addr.sa.sa_family != AF_INET6)
2029 {
2030 return NULL;
2031 }
2032
2033 if (link_socket_actual_defined(&lsa->actual))
2034 {
2035 return &(lsa->actual.dest.addr.in6.sin6_addr);
2036 }
2037 else if (lsa->current_remote)
2038 {
2039 return &(((struct sockaddr_in6 *)lsa->current_remote->ai_addr)->sin6_addr);
2040 }
2041 else
2042 {
2043 return NULL;
2044 }
2045}
2046
2047/*
2048 * Return a status string describing socket state.
2049 */
2050const char *
2051socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
2052{
2053 struct buffer out = alloc_buf_gc(64, gc);
2054 if (s)
2055 {
2056 if (rwflags & EVENT_READ)
2057 {
2058 buf_printf(&out, "S%s", (s->rwflags_debug & EVENT_READ) ? "R" : "r");
2059#ifdef _WIN32
2060 buf_printf(&out, "%s", overlapped_io_state_ascii(&s->reads));
2061#endif
2062 }
2063 if (rwflags & EVENT_WRITE)
2064 {
2065 buf_printf(&out, "S%s", (s->rwflags_debug & EVENT_WRITE) ? "W" : "w");
2066#ifdef _WIN32
2067 buf_printf(&out, "%s", overlapped_io_state_ascii(&s->writes));
2068#endif
2069 }
2070 }
2071 else
2072 {
2073 buf_printf(&out, "S?");
2074 }
2075 return BSTR(&out);
2076}
2077
2078/*
2079 * Stream buffer functions, used to packetize a TCP
2080 * stream connection.
2081 */
2082
2083static inline void
2084stream_buf_reset(struct stream_buf *sb)
2085{
2086 dmsg(D_STREAM_DEBUG, "STREAM: RESET");
2087 sb->residual_fully_formed = false;
2088 sb->buf = sb->buf_init;
2089 buf_reset(&sb->next);
2090 sb->len = -1;
2091}
2092
2093static void
2094stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags,
2095 const int proto)
2096{
2097 sb->buf_init = *buf;
2098 sb->maxlen = sb->buf_init.len;
2099 sb->buf_init.len = 0;
2100 sb->residual = alloc_buf(sb->maxlen);
2101 sb->error = false;
2102#if PORT_SHARE
2103 sb->port_share_state =
2104 ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER)) ? PS_ENABLED : PS_DISABLED;
2105#endif
2106 stream_buf_reset(sb);
2107
2108 dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen);
2109}
2110
2111static inline void
2112stream_buf_set_next(struct stream_buf *sb)
2113{
2114 /* set up 'next' for next i/o read */
2115 sb->next = sb->buf;
2116 sb->next.offset = sb->buf.offset + sb->buf.len;
2117 sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len;
2118 dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d",
2119 sb->buf.offset, sb->buf.len, sb->next.offset, sb->next.len, sb->len, sb->maxlen);
2120 ASSERT(sb->next.len > 0);
2121 ASSERT(buf_safe(&sb->buf, sb->next.len));
2122}
2123
2124static inline void
2125stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
2126{
2127 dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d", buf_defined(&sb->buf) ? sb->buf.len : -1);
2128 ASSERT(buf_defined(&sb->buf));
2129 *buf = sb->buf;
2130}
2131
2132static inline void
2133stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
2134{
2135 dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d", buf_defined(&sb->next) ? sb->next.len : -1);
2136 ASSERT(buf_defined(&sb->next));
2137 *buf = sb->next;
2138}
2139
2140bool
2141stream_buf_read_setup_dowork(struct link_socket *sock)
2142{
2143 if (sock->stream_buf.residual.len && !sock->stream_buf.residual_fully_formed)
2144 {
2145 ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual));
2146 ASSERT(buf_init(&sock->stream_buf.residual, 0));
2147 sock->stream_buf.residual_fully_formed = stream_buf_added(&sock->stream_buf, 0);
2148 dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d",
2149 sock->stream_buf.residual_fully_formed ? "YES" : "NO", sock->stream_buf.residual.len);
2150 }
2151
2152 if (!sock->stream_buf.residual_fully_formed)
2153 {
2154 stream_buf_set_next(&sock->stream_buf);
2155 }
2156 return !sock->stream_buf.residual_fully_formed;
2157}
2158
2159static bool
2160stream_buf_added(struct stream_buf *sb, int length_added)
2161{
2162 dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added);
2163 if (length_added > 0)
2164 {
2165 sb->buf.len += length_added;
2166 }
2167
2168 /* if length unknown, see if we can get the length prefix from
2169 * the head of the buffer */
2170 if (sb->len < 0 && sb->buf.len >= (int)sizeof(packet_size_type))
2171 {
2172 packet_size_type net_size;
2173
2174#if PORT_SHARE
2175 if (sb->port_share_state == PS_ENABLED)
2176 {
2177 if (!is_openvpn_protocol(&sb->buf))
2178 {
2179 msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected");
2180 sb->port_share_state = PS_FOREIGN;
2181 sb->error = true;
2182 return false;
2183 }
2184 else
2185 {
2186 sb->port_share_state = PS_DISABLED;
2187 }
2188 }
2189#endif
2190
2191 ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size)));
2192 sb->len = ntohps(net_size);
2193
2194 if (sb->len < 1 || sb->len > sb->maxlen)
2195 {
2196 msg(M_WARN,
2197 "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]",
2198 sb->len, sb->maxlen);
2199 stream_buf_reset(sb);
2200 sb->error = true;
2201 return false;
2202 }
2203 }
2204
2205 /* is our incoming packet fully read? */
2206 if (sb->len > 0 && sb->buf.len >= sb->len)
2207 {
2208 /* save any residual data that's part of the next packet */
2209 ASSERT(buf_init(&sb->residual, 0));
2210 if (sb->buf.len > sb->len)
2211 {
2212 ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len));
2213 }
2214 dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d",
2215 BLEN(&sb->buf), BLEN(&sb->residual));
2216 return true;
2217 }
2218 else
2219 {
2220 dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len);
2221 stream_buf_set_next(sb);
2222 return false;
2223 }
2224}
2225
2226static void
2227stream_buf_close(struct stream_buf *sb)
2228{
2229 free_buf(&sb->residual);
2230}
2231
2232/*
2233 * The listen event is a special event whose sole purpose is
2234 * to tell us that there's a new incoming connection on a
2235 * TCP socket, for use in server mode.
2236 */
2237event_t
2238socket_listen_event_handle(struct link_socket *s)
2239{
2240#ifdef _WIN32
2241 if (!defined_net_event_win32(&s->listen_handle))
2242 {
2243 init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0);
2244 }
2245 return &s->listen_handle;
2246#else /* ifdef _WIN32 */
2247 return s->sd;
2248#endif
2249}
2250
2251
2252/*
2253 * Bad incoming address lengths that differ from what
2254 * we expect are considered to be fatal errors.
2255 */
2256void
2257bad_address_length(int actual, int expected)
2258{
2259 msg(M_FATAL,
2260 "ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.",
2261 actual, expected);
2262}
2263
2264/*
2265 * Socket Read Routines
2266 */
2267
2268int
2269link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
2270{
2271 int len = 0;
2272
2273 if (!sock->stream_buf.residual_fully_formed)
2274 {
2275 /* with Linux-DCO, we sometimes try to access a socket that is
2276 * already installed in the kernel and has no valid file descriptor
2277 * anymore. This is a bug.
2278 * Handle by resetting client instance instead of crashing.
2279 */
2280 if (sock->sd == SOCKET_UNDEFINED)
2281 {
2282 msg(M_INFO, "BUG: link_socket_read_tcp(): sock->sd==-1, reset client instance");
2283 sock->stream_reset = true; /* reset client instance */
2284 return buf->len = 0; /* nothing to read */
2285 }
2286
2287#ifdef _WIN32
2288 sockethandle_t sh = { .s = sock->sd };
2289 len = sockethandle_finalize(sh, &sock->reads, buf, NULL);
2290#else
2291 struct buffer frag;
2292 stream_buf_get_next(&sock->stream_buf, &frag);
2293 len = recv(sock->sd, BPTR(&frag), BLEN(&frag), MSG_NOSIGNAL);
2294#endif
2295
2296 if (!len)
2297 {
2298 sock->stream_reset = true;
2299 }
2300 if (len <= 0)
2301 {
2302 return buf->len = len;
2303 }
2304 }
2305
2306 if (sock->stream_buf.residual_fully_formed
2307 || stream_buf_added(&sock->stream_buf, len)) /* packet complete? */
2308 {
2309 stream_buf_get_final(&sock->stream_buf, buf);
2310 stream_buf_reset(&sock->stream_buf);
2311 return buf->len;
2312 }
2313 else
2314 {
2315 return buf->len = 0; /* no error, but packet is still incomplete */
2316 }
2317}
2318
2319#ifndef _WIN32
2320
2321#if ENABLE_IP_PKTINFO
2322
2323/* make the buffer large enough to handle ancillary socket data for
2324 * both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292)
2325 */
2326#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2327#define PKTINFO_BUF_SIZE \
2328 max_int(CMSG_SPACE(sizeof(struct in6_pktinfo)), CMSG_SPACE(sizeof(struct in_pktinfo)))
2329#else
2330#define PKTINFO_BUF_SIZE \
2331 max_int(CMSG_SPACE(sizeof(struct in6_pktinfo)), CMSG_SPACE(sizeof(struct in_addr)))
2332#endif
2333
2334static socklen_t
2335link_socket_read_udp_posix_recvmsg(struct link_socket *sock, struct buffer *buf,
2336 struct link_socket_actual *from)
2337{
2338 struct iovec iov;
2339 uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
2340 struct msghdr mesg = { 0 };
2341 socklen_t fromlen = sizeof(from->dest.addr);
2342
2343 ASSERT(sock->sd >= 0); /* can't happen */
2344
2345 iov.iov_base = BPTR(buf);
2346 iov.iov_len = buf_forward_capacity_total(buf);
2347 mesg.msg_iov = &iov;
2348 mesg.msg_iovlen = 1;
2349 mesg.msg_name = &from->dest.addr;
2350 mesg.msg_namelen = fromlen;
2351 mesg.msg_control = pktinfo_buf;
2352 mesg.msg_controllen = sizeof pktinfo_buf;
2353 buf->len = recvmsg(sock->sd, &mesg, 0);
2354 if (buf->len >= 0)
2355 {
2356 struct cmsghdr *cmsg;
2357 fromlen = mesg.msg_namelen;
2358 cmsg = CMSG_FIRSTHDR(&mesg);
2359 if (cmsg != NULL && CMSG_NXTHDR(&mesg, cmsg) == NULL
2360#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2361 && cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO
2362 && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo)))
2363#elif defined(IP_RECVDSTADDR)
2364 && cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_RECVDSTADDR
2365 && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_addr)))
2366#else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2367#error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2368#endif
2369 {
2370#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2371 struct in_pktinfo *pkti = (struct in_pktinfo *)CMSG_DATA(cmsg);
2372 from->pi.in4.ipi_ifindex = pkti->ipi_ifindex;
2373 from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst;
2374#elif defined(IP_RECVDSTADDR)
2375 from->pi.in4 = *(struct in_addr *)CMSG_DATA(cmsg);
2376#else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2377#error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2378#endif
2379 }
2380 else if (cmsg != NULL && CMSG_NXTHDR(&mesg, cmsg) == NULL
2381 && cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO
2382 && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in6_pktinfo)))
2383 {
2384 struct in6_pktinfo *pkti6 = (struct in6_pktinfo *)CMSG_DATA(cmsg);
2385 from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex;
2386 from->pi.in6.ipi6_addr = pkti6->ipi6_addr;
2387 }
2388 else if (cmsg != NULL)
2389 {
2390 msg(M_WARN,
2391 "CMSG received that cannot be parsed (cmsg_level=%d, cmsg_type=%d, cmsg=len=%d)",
2392 (int)cmsg->cmsg_level, (int)cmsg->cmsg_type, (int)cmsg->cmsg_len);
2393 }
2394 }
2395
2396 return fromlen;
2397}
2398#endif /* if ENABLE_IP_PKTINFO */
2399
2400int
2401link_socket_read_udp_posix(struct link_socket *sock, struct buffer *buf,
2402 struct link_socket_actual *from)
2403{
2404 socklen_t fromlen = sizeof(from->dest.addr);
2405 socklen_t expectedlen = af_addr_size(sock->info.af);
2406 addr_zero_host(&from->dest);
2407
2408 ASSERT(sock->sd >= 0); /* can't happen */
2409
2410#if ENABLE_IP_PKTINFO
2411 /* Both PROTO_UDPv4 and PROTO_UDPv6 */
2412 if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO)
2413 {
2414 fromlen = link_socket_read_udp_posix_recvmsg(sock, buf, from);
2415 }
2416 else
2417#endif
2418 {
2419 buf->len = recvfrom(sock->sd, BPTR(buf), buf_forward_capacity(buf), 0, &from->dest.addr.sa,
2420 &fromlen);
2421 }
2422 /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
2423 if (buf->len >= 0 && expectedlen && fromlen != expectedlen)
2424 {
2425 bad_address_length(fromlen, expectedlen);
2426 }
2427 return buf->len;
2428}
2429
2430#endif /* ifndef _WIN32 */
2431
2432/*
2433 * Socket Write Routines
2434 */
2435
2436ssize_t
2437link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
2438{
2439 packet_size_type len = BLEN(buf);
2440 dmsg(D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
2441 ASSERT(len <= sock->stream_buf.maxlen);
2442 len = htonps(len);
2443 ASSERT(buf_write_prepend(buf, &len, sizeof(len)));
2444#ifdef _WIN32
2445 return link_socket_write_win32(sock, buf, to);
2446#else
2447 return link_socket_write_tcp_posix(sock, buf);
2448#endif
2449}
2450
2451#if ENABLE_IP_PKTINFO
2452
2453ssize_t
2454link_socket_write_udp_posix_sendmsg(struct link_socket *sock, struct buffer *buf,
2455 struct link_socket_actual *to)
2456{
2457 struct iovec iov;
2458 struct msghdr mesg;
2459 struct cmsghdr *cmsg;
2460 uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
2461
2462 iov.iov_base = BPTR(buf);
2463 iov.iov_len = BLEN(buf);
2464 mesg.msg_iov = &iov;
2465 mesg.msg_iovlen = 1;
2466 switch (to->dest.addr.sa.sa_family)
2467 {
2468 case AF_INET:
2469 {
2470 mesg.msg_name = &to->dest.addr.sa;
2471 mesg.msg_namelen = sizeof(struct sockaddr_in);
2472 mesg.msg_control = pktinfo_buf;
2473 mesg.msg_flags = 0;
2474#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2475 mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
2476 cmsg = CMSG_FIRSTHDR(&mesg);
2477 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
2478 cmsg->cmsg_level = SOL_IP;
2479 cmsg->cmsg_type = IP_PKTINFO;
2480 {
2481 struct in_pktinfo *pkti;
2482 pkti = (struct in_pktinfo *)CMSG_DATA(cmsg);
2483 pkti->ipi_ifindex = to->pi.in4.ipi_ifindex;
2484 pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst;
2485 pkti->ipi_addr.s_addr = 0;
2486 }
2487#elif defined(IP_RECVDSTADDR)
2488 ASSERT(CMSG_SPACE(sizeof(struct in_addr)) <= sizeof(pktinfo_buf));
2489 mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
2490 cmsg = CMSG_FIRSTHDR(&mesg);
2491 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
2492 cmsg->cmsg_level = IPPROTO_IP;
2493 cmsg->cmsg_type = IP_RECVDSTADDR;
2494 *(struct in_addr *)CMSG_DATA(cmsg) = to->pi.in4;
2495#else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2496#error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2497#endif /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2498 break;
2499 }
2500
2501 case AF_INET6:
2502 {
2503 struct in6_pktinfo *pkti6;
2504 mesg.msg_name = &to->dest.addr.sa;
2505 mesg.msg_namelen = sizeof(struct sockaddr_in6);
2506
2507 ASSERT(CMSG_SPACE(sizeof(struct in6_pktinfo)) <= sizeof(pktinfo_buf));
2508 mesg.msg_control = pktinfo_buf;
2509 mesg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
2510 mesg.msg_flags = 0;
2511 cmsg = CMSG_FIRSTHDR(&mesg);
2512 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
2513 cmsg->cmsg_level = IPPROTO_IPV6;
2514 cmsg->cmsg_type = IPV6_PKTINFO;
2515
2516 pkti6 = (struct in6_pktinfo *)CMSG_DATA(cmsg);
2517 pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex;
2518 pkti6->ipi6_addr = to->pi.in6.ipi6_addr;
2519 break;
2520 }
2521
2522 default:
2523 ASSERT(0);
2524 }
2525 return sendmsg(sock->sd, &mesg, 0);
2526}
2527
2528#endif /* if ENABLE_IP_PKTINFO */
2529
2530/*
2531 * Win32 overlapped socket I/O functions.
2532 */
2533
2534#ifdef _WIN32
2535
2536static int
2537socket_get_last_error(const struct link_socket *sock)
2538{
2539 if (socket_is_dco_win(sock))
2540 {
2541 return GetLastError();
2542 }
2543
2544 return WSAGetLastError();
2545}
2546
2547int
2548socket_recv_queue(struct link_socket *sock, int maxsize)
2549{
2550 if (sock->reads.iostate == IOSTATE_INITIAL)
2551 {
2552 WSABUF wsabuf[1];
2553 int status;
2554
2555 /* reset buf to its initial state */
2556 if (proto_is_udp(sock->info.proto))
2557 {
2558 sock->reads.buf = sock->reads.buf_init;
2559 }
2560 else if (proto_is_tcp(sock->info.proto))
2561 {
2562 stream_buf_get_next(&sock->stream_buf, &sock->reads.buf);
2563 }
2564 else
2565 {
2566 ASSERT(0);
2567 }
2568
2569 /* Win32 docs say it's okay to allocate the wsabuf on the stack */
2570 wsabuf[0].buf = BSTR(&sock->reads.buf);
2571 wsabuf[0].len = maxsize ? maxsize : BLEN(&sock->reads.buf);
2572
2573 /* check for buffer overflow */
2574 ASSERT(wsabuf[0].len <= BLEN(&sock->reads.buf));
2575
2576 /* the overlapped read will signal this event on I/O completion */
2577 ASSERT(ResetEvent(sock->reads.overlapped.hEvent));
2578 sock->reads.flags = 0;
2579
2580 if (socket_is_dco_win(sock))
2581 {
2582 status = ReadFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len, &sock->reads.size,
2583 &sock->reads.overlapped);
2584 /* Readfile status is inverted from WSARecv */
2585 status = !status;
2586 }
2587 else if (proto_is_udp(sock->info.proto))
2588 {
2589 sock->reads.addr_defined = true;
2590 sock->reads.addrlen = sizeof(sock->reads.addr6);
2591 status = WSARecvFrom(sock->sd, wsabuf, 1, &sock->reads.size, &sock->reads.flags,
2592 (struct sockaddr *)&sock->reads.addr, &sock->reads.addrlen,
2593 &sock->reads.overlapped, NULL);
2594 }
2595 else if (proto_is_tcp(sock->info.proto))
2596 {
2597 sock->reads.addr_defined = false;
2598 status = WSARecv(sock->sd, wsabuf, 1, &sock->reads.size, &sock->reads.flags,
2599 &sock->reads.overlapped, NULL);
2600 }
2601 else
2602 {
2603 status = 0;
2604 ASSERT(0);
2605 }
2606
2607 if (!status) /* operation completed immediately? */
2608 {
2609 /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
2610 int af_len = af_addr_size(sock->info.af);
2611 if (sock->reads.addr_defined && af_len && sock->reads.addrlen != af_len)
2612 {
2613 bad_address_length(sock->reads.addrlen, af_len);
2614 }
2615 sock->reads.iostate = IOSTATE_IMMEDIATE_RETURN;
2616
2617 /* since we got an immediate return, we must signal the event object ourselves */
2618 ASSERT(SetEvent(sock->reads.overlapped.hEvent));
2619 sock->reads.status = 0;
2620
2621 dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive immediate return [%d,%d]",
2622 (int)wsabuf[0].len, (int)sock->reads.size);
2623 }
2624 else
2625 {
2626 status = socket_get_last_error(sock);
2627 if (status == WSA_IO_PENDING) /* operation queued? */
2628 {
2629 sock->reads.iostate = IOSTATE_QUEUED;
2630 sock->reads.status = status;
2631 dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive queued [%d]", (int)wsabuf[0].len);
2632 }
2633 else /* error occurred */
2634 {
2635 struct gc_arena gc = gc_new();
2636 ASSERT(SetEvent(sock->reads.overlapped.hEvent));
2637 sock->reads.iostate = IOSTATE_IMMEDIATE_RETURN;
2638 sock->reads.status = status;
2639 dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive error [%d]: %s", (int)wsabuf[0].len,
2640 strerror_win32(status, &gc));
2641 gc_free(&gc);
2642 }
2643 }
2644 }
2645 return sock->reads.iostate;
2646}
2647
2648int
2649socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
2650{
2651 if (sock->writes.iostate == IOSTATE_INITIAL)
2652 {
2653 WSABUF wsabuf[1];
2654 int status;
2655
2656 /* make a private copy of buf */
2657 sock->writes.buf = sock->writes.buf_init;
2658 sock->writes.buf.len = 0;
2659 ASSERT(buf_copy(&sock->writes.buf, buf));
2660
2661 /* Win32 docs say it's okay to allocate the wsabuf on the stack */
2662 wsabuf[0].buf = BSTR(&sock->writes.buf);
2663 wsabuf[0].len = BLEN(&sock->writes.buf);
2664
2665 /* the overlapped write will signal this event on I/O completion */
2666 ASSERT(ResetEvent(sock->writes.overlapped.hEvent));
2667 sock->writes.flags = 0;
2668
2669 if (socket_is_dco_win(sock))
2670 {
2671 status = WriteFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len, &sock->writes.size,
2672 &sock->writes.overlapped);
2673
2674 /* WriteFile status is inverted from WSASendTo */
2675 status = !status;
2676 }
2677 else if (proto_is_udp(sock->info.proto))
2678 {
2679 /* set destination address for UDP writes */
2680 sock->writes.addr_defined = true;
2681 if (to->dest.addr.sa.sa_family == AF_INET6)
2682 {
2683 sock->writes.addr6 = to->dest.addr.in6;
2684 sock->writes.addrlen = sizeof(sock->writes.addr6);
2685 }
2686 else
2687 {
2688 sock->writes.addr = to->dest.addr.in4;
2689 sock->writes.addrlen = sizeof(sock->writes.addr);
2690 }
2691
2692 status = WSASendTo(sock->sd, wsabuf, 1, &sock->writes.size, sock->writes.flags,
2693 (struct sockaddr *)&sock->writes.addr, sock->writes.addrlen,
2694 &sock->writes.overlapped, NULL);
2695 }
2696 else if (proto_is_tcp(sock->info.proto))
2697 {
2698 /* destination address for TCP writes was established on connection initiation */
2699 sock->writes.addr_defined = false;
2700
2701 status = WSASend(sock->sd, wsabuf, 1, &sock->writes.size, sock->writes.flags,
2702 &sock->writes.overlapped, NULL);
2703 }
2704 else
2705 {
2706 status = 0;
2707 ASSERT(0);
2708 }
2709
2710 if (!status) /* operation completed immediately? */
2711 {
2712 sock->writes.iostate = IOSTATE_IMMEDIATE_RETURN;
2713
2714 /* since we got an immediate return, we must signal the event object ourselves */
2715 ASSERT(SetEvent(sock->writes.overlapped.hEvent));
2716
2717 sock->writes.status = 0;
2718
2719 dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send immediate return [%d,%d]", (int)wsabuf[0].len,
2720 (int)sock->writes.size);
2721 }
2722 else
2723 {
2724 status = socket_get_last_error(sock);
2725 /* both status code have the identical value */
2726 if (status == WSA_IO_PENDING || status == ERROR_IO_PENDING) /* operation queued? */
2727 {
2728 sock->writes.iostate = IOSTATE_QUEUED;
2729 sock->writes.status = status;
2730 dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send queued [%d]", (int)wsabuf[0].len);
2731 }
2732 else /* error occurred */
2733 {
2734 struct gc_arena gc = gc_new();
2735 ASSERT(SetEvent(sock->writes.overlapped.hEvent));
2736 sock->writes.iostate = IOSTATE_IMMEDIATE_RETURN;
2737 sock->writes.status = status;
2738
2739 dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send error [%d]: %s", (int)wsabuf[0].len,
2740 strerror_win32(status, &gc));
2741
2742 gc_free(&gc);
2743 }
2744 }
2745 }
2746 return sock->writes.iostate;
2747}
2748
2749void
2750read_sockaddr_from_overlapped(struct overlapped_io *io, struct sockaddr *dst, int overlapped_ret)
2751{
2752 if (overlapped_ret >= 0 && io->addr_defined)
2753 {
2754 /* TODO(jjo): streamline this mess */
2755 /* in this func we don't have relevant info about the PF_ of this
2756 * endpoint, as link_socket_actual will be zero for the 1st received packet
2757 *
2758 * Test for inets PF_ possible sizes
2759 */
2760 switch (io->addrlen)
2761 {
2762 case sizeof(struct sockaddr_in):
2763 case sizeof(struct sockaddr_in6):
2764 /* TODO(jjo): for some reason (?) I'm getting 24,28 for AF_INET6
2765 * under _WIN32*/
2766 case sizeof(struct sockaddr_in6) - 4:
2767 break;
2768
2769 default:
2770 bad_address_length(io->addrlen, af_addr_size(io->addr.sin_family));
2771 }
2772
2773 switch (io->addr.sin_family)
2774 {
2775 case AF_INET:
2776 memcpy(dst, &io->addr, sizeof(struct sockaddr_in));
2777 break;
2778
2779 case AF_INET6:
2780 memcpy(dst, &io->addr6, sizeof(struct sockaddr_in6));
2781 break;
2782 }
2783 }
2784 else
2785 {
2786 CLEAR(*dst);
2787 }
2788}
2789
2799static int
2800read_sockaddr_from_packet(struct buffer *buf, struct sockaddr *dst)
2801{
2802 int sa_len = 0;
2803
2804 const struct sockaddr *sa = (const struct sockaddr *)BPTR(buf);
2805 switch (sa->sa_family)
2806 {
2807 case AF_INET:
2808 sa_len = sizeof(struct sockaddr_in);
2809 if (buf_len(buf) < sa_len)
2810 {
2811 msg(M_FATAL,
2812 "ERROR: received incoming packet with too short length of %d -- must be at least %d.",
2813 buf_len(buf), sa_len);
2814 }
2815 memcpy(dst, sa, sa_len);
2816 buf_advance(buf, sa_len);
2817 break;
2818
2819 case AF_INET6:
2820 sa_len = sizeof(struct sockaddr_in6);
2821 if (buf_len(buf) < sa_len)
2822 {
2823 msg(M_FATAL,
2824 "ERROR: received incoming packet with too short length of %d -- must be at least %d.",
2825 buf_len(buf), sa_len);
2826 }
2827 memcpy(dst, sa, sa_len);
2828 buf_advance(buf, sa_len);
2829 break;
2830
2831 default:
2832 msg(M_FATAL, "ERROR: received incoming packet with invalid address family %d.",
2833 sa->sa_family);
2834 }
2835
2836 return sa_len;
2837}
2838
2839/* Returns the number of bytes successfully read */
2840int
2841sockethandle_finalize(sockethandle_t sh, struct overlapped_io *io, struct buffer *buf,
2842 struct link_socket_actual *from)
2843{
2844 int ret = -1;
2845 BOOL status;
2846
2847 switch (io->iostate)
2848 {
2849 case IOSTATE_QUEUED:
2850 status = SocketHandleGetOverlappedResult(sh, io);
2851 if (status)
2852 {
2853 /* successful return for a queued operation */
2854 if (buf)
2855 {
2856 *buf = io->buf;
2857 }
2858 ret = io->size;
2859 io->iostate = IOSTATE_INITIAL;
2860 ASSERT(ResetEvent(io->overlapped.hEvent));
2861
2862 dmsg(D_WIN32_IO, "WIN32 I/O: Completion success [%d]", ret);
2863 }
2864 else
2865 {
2866 /* error during a queued operation */
2867 ret = -1;
2868 if (SocketHandleGetLastError(sh) != ERROR_IO_INCOMPLETE)
2869 {
2870 /* if no error (i.e. just not finished yet), then DON'T execute this code */
2871 io->iostate = IOSTATE_INITIAL;
2872 ASSERT(ResetEvent(io->overlapped.hEvent));
2873 msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Completion error");
2874 }
2875 }
2876 break;
2877
2878 case IOSTATE_IMMEDIATE_RETURN:
2879 io->iostate = IOSTATE_INITIAL;
2880 ASSERT(ResetEvent(io->overlapped.hEvent));
2881 if (io->status)
2882 {
2883 /* error return for a non-queued operation */
2884 SocketHandleSetLastError(sh, io->status);
2885 ret = -1;
2886 msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Completion non-queued error");
2887 }
2888 else
2889 {
2890 /* successful return for a non-queued operation */
2891 if (buf)
2892 {
2893 *buf = io->buf;
2894 }
2895 ret = io->size;
2896 dmsg(D_WIN32_IO, "WIN32 I/O: Completion non-queued success [%d]", ret);
2897 }
2898 break;
2899
2900 case IOSTATE_INITIAL: /* were we called without proper queueing? */
2901 SocketHandleSetInvalError(sh);
2902 ret = -1;
2903 dmsg(D_WIN32_IO, "WIN32 I/O: Completion BAD STATE");
2904 break;
2905
2906 default:
2907 ASSERT(0);
2908 }
2909
2910 if (from && ret > 0 && sh.is_handle && sh.prepend_sa)
2911 {
2912 ret -= read_sockaddr_from_packet(buf, &from->dest.addr.sa);
2913 }
2914
2915 if (!sh.is_handle && from)
2916 {
2917 read_sockaddr_from_overlapped(io, &from->dest.addr.sa, ret);
2918 }
2919
2920 if (buf)
2921 {
2922 buf->len = ret;
2923 }
2924 return ret;
2925}
2926
2927#endif /* _WIN32 */
2928
2929/*
2930 * Socket event notification
2931 */
2932
2933unsigned int
2934socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg,
2935 unsigned int *persistent)
2936{
2937 if (s)
2938 {
2939 if ((rwflags & EVENT_READ) && !stream_buf_read_setup(s))
2940 {
2941 ASSERT(!persistent);
2942 rwflags &= ~EVENT_READ;
2943 }
2944
2945#ifdef _WIN32
2946 if (rwflags & EVENT_READ)
2947 {
2948 socket_recv_queue(s, 0);
2949 }
2950#endif
2951
2952 /* if persistent is defined, call event_ctl only if rwflags has changed since last call */
2953 if (!persistent || *persistent != rwflags)
2954 {
2955 event_ctl(es, socket_event_handle(s), rwflags, arg);
2956 if (persistent)
2957 {
2958 *persistent = rwflags;
2959 }
2960 }
2961
2962 s->rwflags_debug = rwflags;
2963 }
2964 return rwflags;
2965}
2966
2967void
2968sd_close(socket_descriptor_t *sd)
2969{
2970 if (sd && socket_defined(*sd))
2971 {
2972 openvpn_close_socket(*sd);
2973 *sd = SOCKET_UNDEFINED;
2974 }
2975}
2976
2977#if UNIX_SOCK_SUPPORT
2978
2979/*
2980 * code for unix domain sockets
2981 */
2982
2983const char *
2984sockaddr_unix_name(const struct sockaddr_un *local, const char *null)
2985{
2986 if (local && local->sun_family == PF_UNIX)
2987 {
2988 return local->sun_path;
2989 }
2990 else
2991 {
2992 return null;
2993 }
2994}
2995
2996socket_descriptor_t
2997create_socket_unix(void)
2998{
2999 socket_descriptor_t sd;
3000
3001 if ((sd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
3002 {
3003 msg(M_ERR, "Cannot create unix domain socket");
3004 }
3005
3006 /* set socket file descriptor to not pass across execs, so that
3007 * scripts don't have access to it */
3008 set_cloexec(sd);
3009
3010 return sd;
3011}
3012
3013void
3014socket_bind_unix(socket_descriptor_t sd, struct sockaddr_un *local, const char *prefix)
3015{
3016 struct gc_arena gc = gc_new();
3017 const mode_t orig_umask = umask(0);
3018
3019 if (bind(sd, (struct sockaddr *)local, sizeof(struct sockaddr_un)))
3020 {
3021 msg(M_FATAL | M_ERRNO, "%s: Socket bind[%d] failed on unix domain socket %s", prefix,
3022 (int)sd, sockaddr_unix_name(local, "NULL"));
3023 }
3024
3025 umask(orig_umask);
3026 gc_free(&gc);
3027}
3028
3029socket_descriptor_t
3030socket_accept_unix(socket_descriptor_t sd, struct sockaddr_un *remote)
3031{
3032 socklen_t remote_len = sizeof(struct sockaddr_un);
3033 socket_descriptor_t ret;
3034
3035 CLEAR(*remote);
3036 ret = accept(sd, (struct sockaddr *)remote, &remote_len);
3037 if (ret >= 0)
3038 {
3039 /* set socket file descriptor to not pass across execs, so that
3040 * scripts don't have access to it */
3041 set_cloexec(ret);
3042 }
3043 return ret;
3044}
3045
3046int
3047socket_connect_unix(socket_descriptor_t sd, struct sockaddr_un *remote)
3048{
3049 int status = connect(sd, (struct sockaddr *)remote, sizeof(struct sockaddr_un));
3050 if (status)
3051 {
3052 status = openvpn_errno();
3053 }
3054 return status;
3055}
3056
3057void
3058sockaddr_unix_init(struct sockaddr_un *local, const char *path)
3059{
3060 local->sun_family = PF_UNIX;
3061 strncpynt(local->sun_path, path, sizeof(local->sun_path));
3062}
3063
3064void
3065socket_delete_unix(const struct sockaddr_un *local)
3066{
3067 const char *name = sockaddr_unix_name(local, NULL);
3068 if (name && strlen(name))
3069 {
3070 unlink(name);
3071 }
3072}
3073
3074bool
3075unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid)
3076{
3077#ifdef HAVE_GETPEEREID
3078 uid_t u;
3079 gid_t g;
3080 if (getpeereid(sd, &u, &g) == -1)
3081 {
3082 return false;
3083 }
3084 if (uid)
3085 {
3086 *uid = u;
3087 }
3088 if (gid)
3089 {
3090 *gid = g;
3091 }
3092 return true;
3093#elif defined(SO_PEERCRED)
3094 struct ucred peercred;
3095 socklen_t so_len = sizeof(peercred);
3096 if (getsockopt(sd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1)
3097 {
3098 return false;
3099 }
3100 if (uid)
3101 {
3102 *uid = peercred.uid;
3103 }
3104 if (gid)
3105 {
3106 *gid = peercred.gid;
3107 }
3108 return true;
3109#else /* ifdef HAVE_GETPEEREID */
3110 return false;
3111#endif /* ifdef HAVE_GETPEEREID */
3112}
3113
3114#endif /* if UNIX_SOCK_SUPPORT */
argv_parse_cmd
void argv_parse_cmd(struct argv *argres, const char *cmdstr)
Parses a command string, tokenizes it and puts each element into a separate struct argv argument slot...
Definition argv.c:481
argv_free
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition argv.c:101
argv_printf
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition argv.c:438
argv_printf_cat
bool argv_printf_cat(struct argv *argres, const char *format,...)
printf() inspired argv concatenation.
Definition argv.c:462
argv_new
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition argv.c:87
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:184
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
gc_addspecial
void gc_addspecial(void *addr, void(*free_function)(void *), struct gc_arena *a)
Definition buffer.c:438
BSTR
#define BSTR(buf)
Definition buffer.h:128
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:704
BPTR
#define BPTR(buf)
Definition buffer.h:123
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition buffer.h:739
buf_write_prepend
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
Definition buffer.h:672
buf_reset
static void buf_reset(struct buffer *buf)
Definition buffer.h:303
buf_safe
static bool buf_safe(const struct buffer *buf, size_t len)
Definition buffer.h:518
buf_read
static bool buf_read(struct buffer *src, void *dest, int size)
Definition buffer.h:762
buf_advance
static bool buf_advance(struct buffer *buf, int size)
Definition buffer.h:616
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition buffer.h:539
ALLOC_OBJ_CLEAR_GC
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition buffer.h:1079
BLEN
#define BLEN(buf)
Definition buffer.h:126
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition buffer.h:1042
buf_defined
static bool buf_defined(const struct buffer *buf)
Definition buffer.h:228
buf_init
#define buf_init(buf, offset)
Definition buffer.h:209
gc_freeaddrinfo_callback
static void gc_freeaddrinfo_callback(void *addr)
Definition buffer.h:215
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1007
buf_forward_capacity_total
static int buf_forward_capacity_total(const struct buffer *buf)
Definition buffer.h:557
dco_mp_start_vpn
void dco_mp_start_vpn(HANDLE handle, struct link_socket *sock)
Initializes and binds the kernel UDP transport socket for multipeer mode.
Definition dco_win.c:283
dco_p2p_new_peer
void dco_p2p_new_peer(HANDLE handle, OVERLAPPED *ov, struct link_socket *sock, struct signal_info *sig_info)
Definition dco_win.c:327
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition env_set.c:307
D_WIN32_IO
#define D_WIN32_IO
Definition errlevel.h:172
D_STREAM_ERRORS
#define D_STREAM_ERRORS
Definition errlevel.h:62
D_SOCKET_DEBUG
#define D_SOCKET_DEBUG
Definition errlevel.h:139
D_STREAM_DEBUG
#define D_STREAM_DEBUG
Definition errlevel.h:171
D_INIT_MEDIUM
#define D_INIT_MEDIUM
Definition errlevel.h:103
D_READ_WRITE
#define D_READ_WRITE
Definition errlevel.h:166
D_OSBUF
#define D_OSBUF
Definition errlevel.h:90
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition errlevel.h:56
EVENT_WRITE
#define EVENT_WRITE
Definition event.h:39
EVENT_READ
#define EVENT_READ
Definition event.h:38
EVENT_ARG_LINK_SOCKET
@ EVENT_ARG_LINK_SOCKET
Definition event.h:138
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition event.h:183
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition fdmisc.c:68
set_cloexec
void set_cloexec(socket_descriptor_t fd)
Definition fdmisc.c:78
openvpn_fd_set
static void openvpn_fd_set(socket_descriptor_t fd, fd_set *setp)
Definition fdmisc.h:39
get_server_poll_remaining_time
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition forward.c:497
forward.h
Interface functions to the internal and external multiplexers.
status
static SERVICE_STATUS status
Definition interactive.c:51
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition manage.c:2778
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition manage.c:4129
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition manage.h:461
alloc_buf_sock_tun
void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame)
Definition mtu.c:41
set_mtu_discover_type
void set_mtu_discover_type(socket_descriptor_t sd, int mtu_type, sa_family_t proto_af)
Definition mtu.c:218
CLEAR
#define CLEAR(x)
Definition basic.h:32
strerror_win32
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition error.c:782
M_FATAL
#define M_FATAL
Definition error.h:88
M_NONFATAL
#define M_NONFATAL
Definition error.h:89
dmsg
#define dmsg(flags,...)
Definition error.h:170
M_ERR
#define M_ERR
Definition error.h:104
openvpn_errno
#define openvpn_errno()
Definition error.h:71
msg
#define msg(flags,...)
Definition error.h:150
ASSERT
#define ASSERT(x)
Definition error.h:217
M_WARN
#define M_WARN
Definition error.h:90
M_ERRNO
#define M_ERRNO
Definition error.h:93
CM_CHILD_TCP
#define CM_CHILD_TCP
Definition openvpn.h:486
CM_CHILD_UDP
#define CM_CHILD_UDP
Definition openvpn.h:485
MODE_POINT_TO_POINT
#define MODE_POINT_TO_POINT
Definition options.h:260
MODE_SERVER
#define MODE_SERVER
Definition options.h:261
streq
#define streq(x, y)
Definition options.h:727
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition options.h:936
plugin_defined
bool plugin_defined(const struct plugin_list *pl, const int type)
Definition plugin.c:904
plugin_call
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
Definition plugin.h:195
establish_http_proxy_passthru
bool establish_http_proxy_passthru(struct http_proxy_info *p, socket_descriptor_t sd, const char *host, const char *port, struct event_timeout *server_poll_timeout, struct buffer *lookahead, struct signal_info *sig_info)
Definition proxy.c:625
run_command.h
openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:89
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition sig.c:204
signal_reset
int signal_reset(struct signal_info *si, int signum)
Clear the signal if its current value equals signum.
Definition sig.c:262
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition sig.c:175
siginfo_static
struct signal_info siginfo_static
Definition sig.c:44
register_signal
void register_signal(struct signal_info *si, int signum, const char *signal_text)
Register a soft signal in the signal_info struct si respecting priority.
Definition sig.c:228
SIG_SOURCE_HARD
#define SIG_SOURCE_HARD
Definition sig.h:30
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition sig.h:109
link_socket_init_phase1
void link_socket_init_phase1(struct context *c, int sock_index, int mode)
Definition socket.c:1361
resolve_bind_local
static void resolve_bind_local(struct link_socket *sock, const sa_family_t af)
Definition socket.c:1181
socket_get_sndbuf
static int socket_get_sndbuf(socket_descriptor_t sd)
Definition socket.c:409
socket_set_sndbuf
static void socket_set_sndbuf(socket_descriptor_t sd, int size)
Definition socket.c:425
socket_listen_accept
static socket_descriptor_t socket_listen_accept(socket_descriptor_t sd, struct link_socket_actual *act, const char *remote_dynamic, const struct addrinfo *local, bool do_listen, bool nowait, volatile int *signal_received)
Definition socket.c:847
link_socket_init_phase2
void link_socket_init_phase2(struct context *c, struct link_socket *sock)
Definition socket.c:1704
socket_send_queue
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition socket.c:2649
ipchange_fmt
static void ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
Definition socket.c:1883
socket_get_last_error
static int socket_get_last_error(const struct link_socket *sock)
Definition socket.c:2537
get_ipv6_addr
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition socket.c:214
link_socket_write_tcp
ssize_t link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition socket.c:2437
link_socket_update_buffer_sizes
void link_socket_update_buffer_sizes(struct link_socket *sock, int rcvbuf, int sndbuf)
Definition socket.c:551
create_socket_udp
static socket_descriptor_t create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
Definition socket.c:598
phase2_tcp_server
static void phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, struct signal_info *sig_info)
Definition socket.c:1553
create_socket
static void create_socket(struct link_socket *sock, struct addrinfo *addr)
Definition socket.c:669
link_socket_current_remote_ipv6
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition socket.c:2018
set_actual_address
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition socket.c:1078
socket_set_rcvbuf
static bool socket_set_rcvbuf(socket_descriptor_t sd, int size)
Definition socket.c:452
stream_buf_set_next
static void stream_buf_set_next(struct stream_buf *sb)
Definition socket.c:2112
socket_stat
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition socket.c:2051
bad_address_length
void bad_address_length(int actual, int expected)
Definition socket.c:2257
stream_buf_added
static bool stream_buf_added(struct stream_buf *sb, int length_added)
Definition socket.c:2160
socket_listen_event_handle
event_t socket_listen_event_handle(struct link_socket *s)
Definition socket.c:2238
sd_close
void sd_close(socket_descriptor_t *sd)
Definition socket.c:2968
get_addr_generic
static int get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void *network, unsigned int *netbits, int resolve_retry_seconds, struct signal_info *sig_info, int msglevel)
Definition socket.c:79
linksock_print_addr
static void linksock_print_addr(struct link_socket *sock)
Definition socket.c:1516
socket_set_mark
static void socket_set_mark(socket_descriptor_t sd, int mark)
Definition socket.c:512
stream_buf_close
static void stream_buf_close(struct stream_buf *sb)
Definition socket.c:2227
stream_buf_get_final
static void stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
Definition socket.c:2125
socket_connect
static void socket_connect(socket_descriptor_t *sd, const struct sockaddr *dest, const int connect_timeout, struct signal_info *sig_info)
Definition socket.c:1098
bind_local
static void bind_local(struct link_socket *sock, const sa_family_t ai_family)
Definition socket.c:651
stream_buf_read_setup_dowork
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition socket.c:2141
phase2_socks_client
static void phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
Definition socket.c:1622
socket_set_tcp_nodelay
static bool socket_set_tcp_nodelay(socket_descriptor_t sd, int state)
Definition socket.c:492
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition socket.c:776
socket_do_listen
static void socket_do_listen(socket_descriptor_t sd, const struct addrinfo *local, bool do_listen, bool do_set_nonblock)
Definition socket.c:751
socket_recv_queue
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition socket.c:2548
link_socket_close
void link_socket_close(struct link_socket *sock)
Definition socket.c:1825
link_socket_connection_initiated
void link_socket_connection_initiated(struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition socket.c:1899
socket_set_buffers
void socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs, bool reduce_size)
Sets the receive and send buffer sizes of a socket descriptor.
Definition socket.c:465
streqnull
static bool streqnull(const char *a, const char *b)
Definition socket.c:226
phase2_set_socket_flags
static void phase2_set_socket_flags(struct link_socket *sock)
Definition socket.c:1497
resolve_remote
static void resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic, struct signal_info *sig_info)
Definition socket.c:1231
do_preresolve_host
static int do_preresolve_host(struct context *c, const char *hostname, const char *servname, const int af, const int flags)
Definition socket.c:270
link_socket_bad_outgoing_addr
void link_socket_bad_outgoing_addr(void)
Definition socket.c:1978
sockethandle_finalize
int sockethandle_finalize(sockethandle_t sh, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition socket.c:2841
link_socket_current_remote
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition socket.c:1984
socket_get_rcvbuf
static int socket_get_rcvbuf(socket_descriptor_t sd)
Definition socket.c:436
link_socket_read_tcp
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition socket.c:2269
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition socket.c:985
socket_set
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition socket.c:2934
sf2gaf
static unsigned int sf2gaf(const unsigned int getaddr_flags, const unsigned int sockflags)
Definition socket.c:63
get_cached_dns_entry
static int get_cached_dns_entry(struct cached_dns_entry *dns_cache, const char *hostname, const char *servname, int ai_family, int resolve_flags, struct addrinfo **ai)
Definition socket.c:247
do_preresolve
void do_preresolve(struct context *c)
Definition socket.c:314
link_socket_bad_incoming_addr
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition socket.c:1951
phase2_tcp_client
static void phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
Definition socket.c:1587
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition socket.c:935
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition socket.c:567
socket_frame_init
static void socket_frame_init(const struct frame *frame, struct link_socket *sock)
Definition socket.c:1157
stream_buf_reset
static void stream_buf_reset(struct stream_buf *sb)
Definition socket.c:2084
stream_buf_get_next
static void stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
Definition socket.c:2133
create_socket_dco_win
static void create_socket_dco_win(struct context *c, struct link_socket *sock, struct signal_info *sig_info)
Definition socket.c:1656
tcp_connection_established
static void tcp_connection_established(const struct link_socket_actual *act)
Definition socket.c:839
socket_set_flags
static bool socket_set_flags(socket_descriptor_t sd, unsigned int sockflags)
Definition socket.c:523
link_socket_new
struct link_socket * link_socket_new(void)
Definition socket.c:1347
read_sockaddr_from_packet
static int read_sockaddr_from_packet(struct buffer *buf, struct sockaddr *dst)
Extracts a sockaddr from a packet payload.
Definition socket.c:2800
sockets_read_residual
bool sockets_read_residual(const struct context *c)
Definition socket.c:45
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition socket.c:187
setenv_trusted
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition socket.c:1877
read_sockaddr_from_overlapped
void read_sockaddr_from_overlapped(struct overlapped_io *io, struct sockaddr *dst, int overlapped_ret)
Definition socket.c:2750
link_socket_update_flags
bool link_socket_update_flags(struct link_socket *sock, unsigned int sockflags)
Definition socket.c:537
stream_buf_init
static void stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags, const int proto)
Definition socket.c:2094
socket_event_handle
static event_t socket_event_handle(const struct link_socket *sock)
Definition socket.h:738
IPV4_INVALID_ADDR
#define IPV4_INVALID_ADDR
Definition socket.h:327
SocketHandleGetOverlappedResult
static BOOL SocketHandleGetOverlappedResult(sockethandle_t sh, struct overlapped_io *io)
Definition socket.h:269
LS_MODE_TCP_ACCEPT_FROM
#define LS_MODE_TCP_ACCEPT_FROM
Definition socket.h:181
SF_DCO_WIN
#define SF_DCO_WIN
Definition socket.h:196
link_socket_connection_oriented
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition socket.h:379
stream_buf_read_setup
static bool stream_buf_read_setup(struct link_socket *sock)
Definition socket.h:504
SocketHandleSetLastError
static void SocketHandleSetLastError(sockethandle_t sh, DWORD err)
Definition socket.h:283
SocketHandleGetLastError
static int SocketHandleGetLastError(sockethandle_t sh)
Definition socket.h:277
SocketHandleSetInvalError
static void SocketHandleSetInvalError(sockethandle_t sh)
Definition socket.h:289
SF_TCP_NODELAY
#define SF_TCP_NODELAY
Definition socket.h:192
RESOLV_RETRY_INFINITE
#define RESOLV_RETRY_INFINITE
Definition socket.h:48
SF_USE_IP_PKTINFO
#define SF_USE_IP_PKTINFO
Definition socket.h:191
LS_MODE_DEFAULT
#define LS_MODE_DEFAULT
Definition socket.h:179
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition socket.h:242
packet_size_type
uint16_t packet_size_type
Definition socket.h:56
socket_is_dco_win
static bool socket_is_dco_win(const struct link_socket *s)
Returns true if we are on Windows and this link is running on DCO-WIN.
Definition socket.h:522
SF_HOST_RANDOMIZE
#define SF_HOST_RANDOMIZE
Definition socket.h:194
SF_GETADDRINFO_DGRAM
#define SF_GETADDRINFO_DGRAM
Definition socket.h:195
LS_MODE_TCP_LISTEN
#define LS_MODE_TCP_LISTEN
Definition socket.h:180
SF_PORT_SHARE
#define SF_PORT_SHARE
Definition socket.h:193
ntohps
#define ntohps(x)
Definition socket.h:62
link_socket_write_win32
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition socket.h:596
openvpn_close_socket
#define openvpn_close_socket(s)
Definition socket.h:247
htonps
#define htonps(x)
Definition socket.h:59
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition socket_util.c:409
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:38
setenv_link_socket_actual
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition socket_util.c:344
print_link_socket_actual
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition socket_util.c:117
print_link_socket_actual_ex
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:127
addr_family_name
const char * addr_family_name(int af)
Definition socket_util.c:446
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition socket_util.h:77
GETADDR_CACHE_MASK
#define GETADDR_CACHE_MASK
Definition socket_util.h:130
link_socket_actual_defined
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition socket_util.h:328
GETADDR_TRY_ONCE
#define GETADDR_TRY_ONCE
Definition socket_util.h:124
SA_IP_PORT
#define SA_IP_PORT
Definition socket_util.h:99
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition socket_util.h:127
proto_is_udp
static bool proto_is_udp(int proto)
Returns if the protocol being used is UDP.
Definition socket_util.h:195
GETADDR_FATAL
#define GETADDR_FATAL
Definition socket_util.h:118
GETADDR_UPDATE_MANAGEMENT_STATE
#define GETADDR_UPDATE_MANAGEMENT_STATE
Definition socket_util.h:125
addr_local
static bool addr_local(const struct sockaddr *addr)
Definition socket_util.h:254
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition socket_util.h:31
PROTO_UDP
@ PROTO_UDP
Definition socket_util.h:177
PROTO_TCP_CLIENT
@ PROTO_TCP_CLIENT
Definition socket_util.h:180
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition socket_util.h:179
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition socket_util.h:119
PS_SHOW_PORT_IF_DEFINED
#define PS_SHOW_PORT_IF_DEFINED
Definition socket_util.h:30
GETADDR_RANDOMIZE
#define GETADDR_RANDOMIZE
Definition socket_util.h:126
GETADDR_DATAGRAM
#define GETADDR_DATAGRAM
Definition socket_util.h:128
proto_is_tcp
static bool proto_is_tcp(int proto)
returns if the proto is a TCP variant (tcp-server, tcp-client or tcp)
Definition socket_util.h:215
addr_zero_host
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition socket_util.h:450
proto_is_dgram
static bool proto_is_dgram(int proto)
Return if the protocol is datagram (UDP)
Definition socket_util.h:206
af_addr_size
static int af_addr_size(sa_family_t af)
Definition socket_util.h:465
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition socket_util.h:117
GETADDR_MENTION_RESOLVE_RETRY
#define GETADDR_MENTION_RESOLVE_RETRY
Definition socket_util.h:120
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition socket_util.h:122
addrlist_match
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition socket_util.h:349
establish_socks_proxy_passthru
void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, const char *host, const char *servname, struct event_timeout *server_poll_timeout, struct signal_info *sig_info)
Definition socks.c:448
establish_socks_proxy_udpassoc
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, struct openvpn_sockaddr *relay_addr, struct event_timeout *server_poll_timeout, struct signal_info *sig_info)
Definition socks.c:512
argv
Definition argv.h:35
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
buffer::offset
int offset
Offset in bytes of the actual content within the allocated memory.
Definition buffer.h:63
cached_dns_entry
Definition socket.h:66
cached_dns_entry::hostname
const char * hostname
Definition socket.h:67
cached_dns_entry::ai_family
int ai_family
Definition socket.h:69
cached_dns_entry::servname
const char * servname
Definition socket.h:68
cached_dns_entry::flags
int flags
Definition socket.h:70
cached_dns_entry::ai
struct addrinfo * ai
Definition socket.h:71
cached_dns_entry::next
struct cached_dns_entry * next
Definition socket.h:72
connection_entry
Definition options.h:104
connection_entry::local_list
struct local_list * local_list
Definition options.h:105
connection_entry::bind_local
bool bind_local
Definition options.h:115
connection_entry::remote
const char * remote
Definition options.h:111
connection_entry::socks_proxy_port
const char * socks_proxy_port
Definition options.h:121
connection_entry::http_proxy_options
struct http_proxy_options * http_proxy_options
Definition options.h:119
connection_entry::bind_ipv6_only
bool bind_ipv6_only
Definition options.h:114
connection_entry::remote_float
bool remote_float
Definition options.h:112
connection_entry::remote_port
const char * remote_port
Definition options.h:110
connection_entry::socks_proxy_server
const char * socks_proxy_server
Definition options.h:120
connection_entry::mtu_discover_type
int mtu_discover_type
Definition options.h:136
connection_entry::proto
int proto
Definition options.h:106
connection_entry::af
sa_family_t af
Definition options.h:107
connection_entry::flags
unsigned int flags
Definition options.h:159
connection_list
Definition options.h:197
connection_list::array
struct connection_entry ** array
Definition options.h:201
connection_list::len
int len
Definition options.h:199
context_1::link_socket_addrs
struct link_socket_addr * link_socket_addrs
Local and remote addresses on the external network.
Definition openvpn.h:159
context_1::link_sockets_num
int link_sockets_num
Definition openvpn.h:158
context_1::http_proxy
struct http_proxy_info * http_proxy
Definition openvpn.h:189
context_1::socks_proxy
struct socks_proxy_info * socks_proxy
Definition openvpn.h:193
context_1::dns_cache
struct cached_dns_entry * dns_cache
Definition openvpn.h:167
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:172
context_2::server_poll_interval
struct event_timeout server_poll_interval
Definition openvpn.h:408
context_2::accept_from
const struct link_socket * accept_from
Definition openvpn.h:242
context_2::frame
struct frame frame
Definition openvpn.h:248
context_2::link_sockets
struct link_socket ** link_sockets
Definition openvpn.h:237
context
Contains all state information for one tunnel.
Definition openvpn.h:474
context::mode
int mode
Role of this context within the OpenVPN process.
Definition openvpn.h:487
context::sig
struct signal_info * sig
Internal error signaling object.
Definition openvpn.h:503
context::plugins
struct plugin_list * plugins
List of plug-ins.
Definition openvpn.h:505
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:517
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475
context::gc
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition openvpn.h:495
context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:516
env_set
Definition env_set.h:43
event_arg::sock
struct link_socket * sock
Definition event.h:148
event_arg::u
union event_arg::@1 u
event_arg::type
event_arg_t type
Definition event.h:144
event_set
Definition event.h:131
frame
Packet geometry parameters.
Definition mtu.h:103
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
http_proxy_info::options
struct http_proxy_options options
Definition proxy.h:70
http_proxy_options::port
const char * port
Definition proxy.h:47
http_proxy_options::server
const char * server
Definition proxy.h:46
link_socket_actual
Definition socket_util.h:50
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
link_socket_addr
Definition socket.h:77
link_socket_addr::actual
struct link_socket_actual actual
Definition socket.h:82
link_socket_addr::remote_list
struct addrinfo * remote_list
Definition socket.h:79
link_socket_addr::bind_local
struct addrinfo * bind_local
Definition socket.h:78
link_socket_addr::current_remote
struct addrinfo * current_remote
Definition socket.h:80
link_socket_info
Definition socket.h:86
link_socket_info::connection_established
bool connection_established
Definition socket.h:88
link_socket_info::af
sa_family_t af
Definition socket.h:93
link_socket_info::lsa
struct link_socket_addr * lsa
Definition socket.h:87
link_socket_info::ipchange_command
const char * ipchange_command
Definition socket.h:89
link_socket_info::remote_float
bool remote_float
Definition socket.h:91
link_socket_info::plugins
const struct plugin_list * plugins
Definition socket.h:90
link_socket_info::bind_ipv6_only
bool bind_ipv6_only
Definition socket.h:94
link_socket_info::proto
int proto
Definition socket.h:92
link_socket
Definition socket.h:148
link_socket::server_poll_timeout
struct event_timeout * server_poll_timeout
Definition socket.h:220
link_socket::remote_host
const char * remote_host
Definition socket.h:172
link_socket::rwflags_debug
unsigned int rwflags_debug
Definition socket.h:167
link_socket::socket_buffer_sizes
struct socket_buffer_size socket_buffer_sizes
Definition socket.h:187
link_socket::socks_relay
struct link_socket_actual socks_relay
Definition socket.h:212
link_socket::listen_handle
struct rw_handle listen_handle
Definition socket.h:163
link_socket::info
struct link_socket_info info
Definition socket.h:149
link_socket::remote_port
const char * remote_port
Definition socket.h:173
link_socket::bind_local
bool bind_local
Definition socket.h:177
link_socket::local_host
const char * local_host
Definition socket.h:174
link_socket::proxy_dest_port
const char * proxy_dest_port
Definition socket.h:216
link_socket::mark
int mark
Definition socket.h:199
link_socket::local_port
const char * local_port
Definition socket.h:175
link_socket::rw_handle
struct rw_handle rw_handle
Definition socket.h:162
link_socket::writes
struct overlapped_io writes
Definition socket.h:161
link_socket::mtu_discover_type
int mtu_discover_type
Definition socket.h:185
link_socket::sockflags
unsigned int sockflags
Definition socket.h:198
link_socket::ctrl_sd
socket_descriptor_t ctrl_sd
Definition socket.h:157
link_socket::stream_buf
struct stream_buf stream_buf
Definition socket.h:203
link_socket::mode
int mode
Definition socket.h:182
link_socket::socks_proxy
struct socks_proxy_info * socks_proxy
Definition socket.h:211
link_socket::bind_dev
const char * bind_dev
Definition socket.h:200
link_socket::resolve_retry_seconds
int resolve_retry_seconds
Definition socket.h:184
link_socket::proxy_dest_host
const char * proxy_dest_host
Definition socket.h:215
link_socket::http_proxy
struct http_proxy_info * http_proxy
Definition socket.h:208
link_socket::dns_cache
struct cached_dns_entry * dns_cache
Definition socket.h:176
link_socket::stream_buf_data
struct buffer stream_buf_data
Definition socket.h:204
link_socket::ev_arg
struct event_arg ev_arg
this struct will store a pointer to either mi or link_socket, depending on the event type,...
Definition socket.h:151
link_socket::sd
socket_descriptor_t sd
Definition socket.h:156
link_socket::stream_reset
bool stream_reset
Definition socket.h:205
link_socket::reads
struct overlapped_io reads
Definition socket.h:160
local_entry
Definition options.h:97
local_entry::port
const char * port
Definition options.h:99
local_entry::proto
int proto
Definition options.h:100
local_entry::local
const char * local
Definition options.h:98
local_list::array
struct local_entry ** array
Definition options.h:193
local_list::len
int len
Definition options.h:192
management::connection
struct man_connection connection
Definition manage.h:335
openvpn_sockaddr
Definition socket_util.h:38
openvpn_sockaddr::addr
union openvpn_sockaddr::@27 addr
openvpn_sockaddr::sa
struct sockaddr sa
Definition socket_util.h:42
openvpn_sockaddr::in4
struct sockaddr_in in4
Definition socket_util.h:43
openvpn_sockaddr::in6
struct sockaddr_in6 in6
Definition socket_util.h:44
options::resolve_retry_seconds
int resolve_retry_seconds
Definition options.h:367
options::rcvbuf
int rcvbuf
Definition options.h:416
options::ip_remote_hint
const char * ip_remote_hint
Definition options.h:369
options::msg_channel
HANDLE msg_channel
Definition options.h:695
options::ce
struct connection_entry ce
Definition options.h:290
options::ipchange
const char * ipchange
Definition options.h:317
options::mode
int mode
Definition options.h:262
options::bind_dev
char * bind_dev
Definition options.h:421
options::sndbuf
int sndbuf
Definition options.h:417
options::mark
int mark
Definition options.h:420
options::sockflags
unsigned int sockflags
Definition options.h:424
options::dev_node
const char * dev_node
Definition options.h:320
overlapped_io
Definition win32.h:204
overlapped_io::flags
DWORD flags
Definition win32.h:211
overlapped_io::buf
struct buffer buf
Definition win32.h:221
overlapped_io::size
DWORD size
Definition win32.h:210
overlapped_io::overlapped
OVERLAPPED overlapped
Definition win32.h:209
overlapped_io::buf_init
struct buffer buf_init
Definition win32.h:220
overlapped_io::addrlen
int addrlen
Definition win32.h:219
overlapped_io::addr_defined
bool addr_defined
Definition win32.h:213
overlapped_io::iostate
int iostate
Definition win32.h:208
overlapped_io::addr6
struct sockaddr_in6 addr6
Definition win32.h:217
overlapped_io::addr
struct sockaddr_in addr
Definition win32.h:216
overlapped_io::status
int status
Definition win32.h:212
rw_handle
Definition win32.h:80
rw_handle::write
HANDLE write
Definition win32.h:82
rw_handle::read
HANDLE read
Definition win32.h:81
signal_info
Definition sig.h:41
signal_info::signal_text
const char * signal_text
Definition sig.h:44
signal_info::signal_received
volatile int signal_received
Definition sig.h:42
signal_info::source
volatile int source
Definition sig.h:43
socket_buffer_size
Definition socket.h:127
socket_buffer_size::sndbuf
int sndbuf
Definition socket.h:129
socket_buffer_size::rcvbuf
int rcvbuf
Definition socket.h:128
sockethandle_t
Definition socket.h:255
sockethandle_t::s
SOCKET s
Definition socket.h:258
sockethandle_t::is_handle
bool is_handle
Definition socket.h:261
sockethandle_t::prepend_sa
bool prepend_sa
Definition socket.h:262
socks_proxy_info::server
char server[128]
Definition socks.h:40
socks_proxy_info::port
const char * port
Definition socks.h:41
stream_buf
Definition socket.h:103
stream_buf::buf
struct buffer buf
Definition socket.h:109
stream_buf::residual
struct buffer residual
Definition socket.h:105
stream_buf::residual_fully_formed
bool residual_fully_formed
Definition socket.h:107
stream_buf::maxlen
int maxlen
Definition socket.h:106
tuntap_options::msg_channel
HANDLE msg_channel
Definition tun.h:88
tuntap
Definition tun.h:183
tuntap::backend_driver
enum tun_driver_type backend_driver
The backend driver that used for this tun/tap device.
Definition tun.h:193
tuntap::dco_new_peer_ov
OVERLAPPED dco_new_peer_ov
Definition tun.h:220
tuntap::options
struct tuntap_options options
Definition tun.h:205
tuntap::hand
HANDLE hand
Definition tun.h:218
sa_family_t
unsigned short sa_family_t
Definition syshead.h:396
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition syshead.h:438
SOL_IP
#define SOL_IP
Definition syshead.h:389
socket_descriptor_t
SOCKET socket_descriptor_t
Definition syshead.h:440
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition syshead.h:448
ENABLE_IP_PKTINFO
#define ENABLE_IP_PKTINFO
Definition syshead.h:381
es
struct env_set * es
Definition test_pkcs11.c:138
i
int i
Definition test_push_update_msg.c:120
gc
struct gc_arena gc
Definition test_ssl.c:131
tun_open_device
void tun_open_device(struct tuntap *tt, const char *dev_node, const char **device_guid, struct gc_arena *gc)
Definition tun.c:6193
DRIVER_DCO
@ DRIVER_DCO
Definition tun.h:53
init_net_event_win32
void init_net_event_win32(struct rw_handle *event, long network_events, socket_descriptor_t sd, unsigned int flags)
Definition win32.c:219
overlapped_io_init
void overlapped_io_init(struct overlapped_io *o, const struct frame *frame, BOOL event_state)
Definition win32.c:169
close_net_event_win32
void close_net_event_win32(struct rw_handle *event, socket_descriptor_t sd, unsigned int flags)
Definition win32.c:274
overlapped_io_state_ascii
char * overlapped_io_state_ascii(const struct overlapped_io *o)
Definition win32.c:198
overlapped_io_close
void overlapped_io_close(struct overlapped_io *o)
Definition win32.c:185
defined_net_event_win32
static bool defined_net_event_win32(const struct rw_handle *event)
Definition win32.h:93
IOSTATE_IMMEDIATE_RETURN
#define IOSTATE_IMMEDIATE_RETURN
Definition win32.h:207
IOSTATE_INITIAL
#define IOSTATE_INITIAL
Definition win32.h:205
IOSTATE_QUEUED
#define IOSTATE_QUEUED
Definition win32.h:206
Generated by doxygen 1.9.8